Kensington and Chelsea confirms IT outage was a data breach after all

Steven

Kensington and Chelsea confirms IT outage was a data breach after all

Summary

The Royal Borough of Kensington and Chelsea (RBKC) has confirmed that data was copied from its systems during last week’s IT outage that affected three London councils. RBKC says evidence shows files were taken and removed from its environment, likely involving ‘historical’ records, but has not disclosed the types or volume of data or who may be impacted. The National Cyber Security Centre and the Metropolitan Police are investigating.

Key Points

  • RBKC upgraded the incident from an IT outage to a confirmed data breach after finding evidence that attackers copied data.
  • The council has not specified what was stolen, how much, or the duration of attacker access; it is checking for personal and financial information.
  • RBKC believes the impact is mainly on ‘historical’ data but warns residents to be extra vigilant for suspicious calls, emails or texts.
  • The outage involved a shared IT estate across Kensington & Chelsea, Hammersmith & Fulham and Westminster, increasing the blast radius of the attack.
  • Investigations are underway by the NCSC and the Metropolitan Police; no major ransomware group has claimed responsibility and the stolen data could possibly be published.

Content Summary

RBKC initially reported an unspecified IT incident; an updated statement confirms evidence that data was copied and removed. The council is restoring services but warns of ongoing delays and reduced availability for at least two weeks. Hammersmith & Fulham says it has no evidence of compromise but is taking enhanced security steps; Westminster continues to experience technical issues. Without clear detail on what was taken, residents and businesses remain uncertain whether sensitive records such as tenancy data, social care notes, licensing applications or payment details are affected.

Context and Relevance

This breach highlights the downside of tightly integrated public-sector IT systems: sharing finance, housing, case management and other services makes operations efficient but lets a single incident ripple across multiple councils. The event fits a wider pattern of municipal cyberattacks in the UK and underlines the need for stronger resilience, clearer disclosure and faster incident response from local government bodies.

Author style

Punchy: this is a significant local-government cybersecurity story. The council’s scant detail makes this more alarming — readers should press for facts about scope and affected data. It’s not just an IT hiccup; it’s a real breach that could matter to residents.

Why should I read this?

Short answer: because if you live, work or do business in these boroughs it could affect you. Check bank/card activity, watch for phishing attempts, and keep an eye on council updates. We’ve read the long statement so you don’t have to — here’s the bit that matters.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/12/02/london_councils_data_breach/