UPDATE: Kensington and Chelsea Council has urgently contacted 100,000 households after a significant cyber attack potentially exposed their personal data. The incident, which occurred in November 2025, has raised alarms about the misuse of sensitive information by criminals.
Residents are being urged to heed advice from the National Cyber Security Centre, as the council warns that the compromised data could be exploited to enhance the credibility of scams. In a statement on their website, officials cautioned residents to remain vigilant against unexpected communications, including calls, messages, and emails claiming to be from the council.
The council confirmed that the attack was executed “with criminal intent” and acknowledged that initial assessments show some of the accessed data could contain personal details. “It is possible that any data copied and taken from us could be misused or published,” the update read. Kensington and Chelsea Council stated they are proactively addressing the situation in collaboration with law enforcement.
“We are planning accordingly for this, working with law enforcement at every step,” the council added.
The cybersecurity team reacted swiftly, detecting and containing the breach. Fortunately, officials believe that hackers did not access third-party systems that support essential services and store data. However, a thorough investigation is underway, particularly focusing on files belonging to vulnerable individuals.
Although the council is making strides in managing the situation, they indicated that it may take months to complete a comprehensive review of all potentially compromised files. As part of their response, Kensington and Chelsea Council is collaborating with Westminster City Council and Hammersmith and Fulham Council to track the data breach, as all three councils share impacted services and systems.
Authorities highlighted that cyber attacks targeting local governments are not uncommon. In 2024, the local government sector reported over 150 incidents to the Information Commissioner’s Office. The council emphasized their ongoing battle against cybercrime, noting they intercepted and isolated 113,000 phishing attempts between June and September 2025.
Due to the attack, some council services remain disrupted, and restoring all systems securely will take time. In a related development, staff at Westminster City Council have been advised to exercise caution while using Microsoft Teams, following reports of targeted attempts on the platform. An internal memo revealed that some council data was copied in the attack, resulting in delays in payments to suppliers.
A spokesperson for Westminster City Council confirmed that the authority is dedicated to actively informing and supporting staff with guidance to enhance cyber security.
As this situation develops, residents are encouraged to stay alert and report any suspicious activities. The council’s response highlights the critical importance of cybersecurity in safeguarding community trust and personal information.
For ongoing updates and more information, stay tuned as we continue to cover this urgent situation. Ensure your data security by following official guidelines and remaining vigilant against potential scams.
