UK: Kensington and Chelsea council cyber attack exposes personal data of hundreds of thousands | Fuse Squared
Close Menu
🛡️
Your Privacy, With Layers of Protection.
Quick Poll
Do you believe WhatsApp messaging is private and secure?
Learn More
Cloud Computing

UK: Kensington and Chelsea council cyber attack exposes personal data of hundreds of thousands

News RoomBy 4 Mins Read814 Views

Listen to the article

0:00
0:00

A cyber attack on Kensington and Chelsea Borough has compromised personal data of hundreds of thousands of residents, prompting urgent warnings and investigations amid rising local authority cyber incidents.

Personal data belonging to hundreds of thousands of people is believed to have been copied and taken in a cyber attack on the Royal Borough of Kensington and Chelsea, the council has said, prompting warnings to residents to be cautious about unexpected calls, messages and links that could be used to make scams appear legitimate. According to the council, small samples of the data suggest it may include sensitive personal information and residents should use published council contact routes if they have concerns. [1][2][3]

The incident, which the council detected after noting “unusual activity” early on Monday, was contained by its security systems and has been referred to the Metropolitan Police and Action Fraud, with inquiries described as being in the early stages and no arrests so far. The council said it is working with the National Cyber Security Centre and has informed the Information Commissioner’s Office as it investigates which records were accessed. The Met’s Cyber Crime Unit said inquiries were ongoing. [1][3][5]

Elizabeth Campbell, leader of the council, said: “We decided to go out immediately and say to people this is what’s happened, this data has been copied and it has been taken and you should be aware therefore you are at risk.” She added the council was “going through all the documentation to see if there are specific places where we know that someone’s been at risk – and then we will contact them directly.” The council is prioritising checks on files belonging to vulnerable individuals, a process it warns could take months. [1][2]

Cyber security experts and officials emphasise why local authorities are frequent targets. Speaking to the BBC, cyber security expert Graeme Stewart said local authorities are targeted because “they have got a lot of really, really interesting data”.”Cyber attackers don’t have any moral scruples. They will basically go for the easiest targets that they can. Quite a lot of these local authorities get attacked all the time and most of the time it won’t work – but eventually someone’s going to get through,” he said, noting councils often operate under sustained budgetary pressure. [1]

The attack affected systems shared with Westminster City Council and Hammersmith and Fulham Council, forcing the shutdown of multiple computerised systems and disruption to some services including phone lines as a precaution while restoration work continues. The councils say they are maintaining critical operations for residents while investigating the extent of historical data involved and whether it contains personal or financial details. The National Crime Agency and the NCSC are offering support. [5][4][2]

The breach comes amid a wider surge in local government data incidents. Industry data shows cyber data breaches in local authorities have risen sharply in recent years, with some reporting thousands of incidents driven often by basic human error such as misdirected emails and unauthorised sharing of information. One analysis found a 388% rise in reported local authority data breaches over three years, underlining chronic sector vulnerability. The Local Government Association has repeatedly urged resilience measures and advises against paying ransoms, backing proposals to formalise a public-sector ban on ransom payments to reduce incentives for attackers. [6][7]

Authorities have written to more than 100,000 households with guidance and urged residents to be vigilant for contact purporting to come from the council. Officials warned that the stolen information could be used to make fraudulent approaches appear legitimate and asked people to verify contact via the councils’ published channels. Investigations will continue with support from national cyber and law enforcement agencies as officials assess the full scale and impact of the breach. [1][3][5][4]

##Reference Map:

  • [1] (The Independent) – Paragraph 1, Paragraph 2, Paragraph 3, Paragraph 4, Paragraph 7
  • [2] (RBKC media release) – Paragraph 1, Paragraph 3, Paragraph 5
  • [3] (BBC) – Paragraph 2, Paragraph 7
  • [4] (The Guardian) – Paragraph 5, Paragraph 7
  • [5] (The Guardian – technology) – Paragraph 2, Paragraph 5, Paragraph 7
  • [6] (LocalGov) – Paragraph 6
  • [7] (Local Government Association briefing) – Paragraph 6

Source: Fuse Wire Services

Access Our Exclusive Research

In-depth analysis and actionable data to keep you ahead of the curve.

Explore Reports
View Whitepapers

Never Miss an Update. Get our latest research delivered straight to your inbox.

Share.

News Room is the dedicated editorial voice of Fuse Squared, delivering timely updates, insights, and analysis across the world of information technology. Covering everything from AI breakthroughs and cloud computing to cybersecurity, datacenters, enterprise software, storage, and mobile innovations, the News Room ensures readers stay ahead in the fast-changing digital landscape.

Keep Reading

News

Company

Services

© 2026 Fuse squared. All Rights Reserved. Designed By Sawah Solutions