London Councils Hit by Coordinated Cyberattacks as NCSC Steps In

Several London borough councils are continuing to manage a wave of cyberattacks first detected earlier this week, prompting outages across key public services, the activation of emergency plans and direct support from the National Cyber Security Centre (NCSC).

The incident affecting the Royal Borough of Kensington & Chelsea (RBKC), Westminster City Council (WCC), Hammersmith & Fulham, and Hackney highlights the mounting pressure on local authorities as cyber-criminal activity becomes more coordinated and more sophisticated.

RBKC and Westminster confirmed disruption across a number of systems, including critical phone lines, and have deployed additional teams to maintain resident communications and support vulnerable service users.

Both councils are working with external incident-response specialists and the NCSC to assess the attack, recover affected systems and safeguard sensitive data. The Information Commissioner’s Office has also been notified. Hackney staff were warned that “multiple London councils” were being targeted, with potential for further disruption.

The scale and timing of the attacks reflect wider national trends. Analysis of data from 27 councils in 2024 found more than 2,400 suspected data breaches were recorded in 2024. With constrained budgets and technology estates that have accumulated over many years, many authorities remain reliant on legacy systems that are increasingly difficult to secure.

Shared-service models, while delivering cost efficiencies, introduce another layer of systemic vulnerability. Where infrastructure is tightly integrated across borough boundaries, a compromise in one environment can quickly escalate, magnifying the operational impact across multiple councils.

Public Digital: Resilience Must Now be a Leadership Priority

Public Digital – founded by the team behind the Government Digital Service (GDS) – advises governments and large organisations globally on resilience, cyber readiness and digital leadership. The consultancy also helped develop the Local Government Association’s cyber incident “grab bag” toolkit, widely used across the sector.

CTO Dai Vaughan said the events of this week underline the need for practical, realistic cyber guidance for council leaders.

“With multiple London councils currently targeted in a major cyber-attack, the risks facing local government have never been more immediate,” he said. “As councils work to restore services and protect residents, there’s an urgent need for practical, actionable guidance tailored to the realities of public sector technology.”

Vaughan said organisations must now assume disruption is inevitable and plan for it as a continuous discipline. Prevention alone, he argued, is no longer sufficient.

“Disruption from cyberattacks is no longer a matter of if, but when. Organisations need to shift from a prevention-only mindset to one built on ongoing preparedness and resilience as a commitment,” he said. He added that many councils continue to operate on technology stacks from the 2000s and 2010s – infrastructures that cannot keep pace with AI-enabled attacks now operating at industrial scale.

He emphasised that digital transformation and cyber resilience should be viewed as mutually reinforcing. Modernising outdated technology not only strengthens day-to-day services but also improves recovery speed and reduces the likelihood of severe operational disruption. Responding to an attack, he said, is never purely technical; it affects every team, dependency and delivery partner.

While attackers continue to grow more sophisticated, Vaughan noted that some of the most effective mitigations are straightforward. Enforcing multi-factor authentication, segmenting networks to prevent cascading failures, and strengthening oversight of supplier access all remain critical to reducing risk. For councils with tightly interconnected systems, these steps are particularly urgent.

He added that true resilience “isn’t about eliminating risk but understanding it, planning for it, and building a culture that can absorb shocks and recover quickly.” Organisations that take this approach, he said, are better positioned to protect core operations and maintain trust with residents and partners during disruptive events.