Cyberattack Disrupts Shared IT Services of Three London Councils
A cybersecurity incident has disrupted the shared IT systems of the Royal Borough of Kensington and Chelsea, Westminster City Council, and the London Borough of Hammersmith and Fulham. The attack, first identified on a Monday morning, has led to outages affecting council websites, phone lines, and online reporting services, forcing the councils to invoke business continuity and emergency plans. The National Cyber Security Centre (NCSC) is assisting with remediation, and IT teams have implemented mitigations to restore services and protect data, though the full extent of the compromise remains under investigation.
Authorities have stated that it is too early to determine the responsible party or the motive behind the attack, and investigations are ongoing to assess whether any data has been compromised. The councils have notified the Information Commissioner’s Office as a precaution and are prioritizing support for their most vulnerable residents. Residents have been advised of service disruptions and assured that updates will be provided as more information becomes available. Media reports suggesting Hackney Council was affected have been denied by officials.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Officials publicly confirm major disruption across multiple councils
By November 26, multiple outlets reported that RBKC and Westminster were suffering major service outages tied to shared infrastructure, while Hammersmith and Fulham was also affected. The cause and perpetrator had not been confirmed, though experts and reporting suggested a possible ransomware intrusion.
NCSC, police, and cyber specialists join the investigation
The National Cyber Security Centre, the Metropolitan Police, and specialist cyber incident responders became involved in investigating and remediating the attack. The UK Information Commissioner's Office was also notified as authorities assessed possible data compromise.
Hammersmith and Fulham takes precautionary action over shared services
The London Borough of Hammersmith and Fulham, which shares elements of the affected IT environment, took precautionary measures that also caused business disruption. This marked the incident's expansion beyond the two primary councils initially hit.
Councils activate emergency measures and shut down systems
As the incident unfolded, the affected councils invoked emergency and business continuity plans, shut down multiple computerized systems to contain potential damage, and provided alternative contact methods for residents. Websites, phone lines, and other council services were disrupted.
Cyber incident begins on shared London council IT systems
A significant cybersecurity incident began on Monday affecting shared IT services used by the Royal Borough of Kensington and Chelsea and Westminster City Council, with possible impact extending to Hammersmith and Fulham. The disruption knocked some systems offline and affected council operations.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Cyberattack Disrupts Services Across London Councils
techrepublic.com
Open sourceLondon councils probe cyber incident as shared IT systems knocked offline
go.theregister.com
Open sourceCyber ‘issue’ hits three London councils with shared IT services
therecord.media
Open sourceMultiple London Councils Responding to Cyberattack
bankinfosecurity.com
Open sourceMultiple London councils' IT systems disrupted by cyberattack
bleepingcomputer.com
Open sourceMultiple London Councils Responding to Cyberattack
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cyberattack Disrupts Ludwigshafen City Administration IT Services
The city administration of Ludwigshafen experienced a significant IT outage, with all online services, telephone, and email communications rendered unavailable for several days. Initial investigations and monitoring system alerts prompted the city to disconnect its IT systems on November 6, and a forensic analysis was immediately launched. Authorities have since confirmed that indications of a cyberattack have strengthened, though there is currently no evidence of citizen data exfiltration. Emergency protocols were activated, and the city continues to assess the extent of the incident while working to restore services. This incident highlights the ongoing threat to public sector organizations in Germany, as noted in recent reports by the Federal Office for Information Security (BSI), which warns that cyberespionage and attacks on public administration remain a serious concern. The BSI also emphasizes that many institutions, particularly those with political relevance, remain vulnerable due to insufficient security measures. The Ludwigshafen case underscores the need for robust cybersecurity and incident response capabilities in municipal administrations.
Mar 21, 2026
Surge in Nationally Significant Cyberattacks in the United Kingdom
The United Kingdom has experienced a dramatic increase in the number and severity of cyberattacks targeting its organizations, as highlighted in the National Cyber Security Centre's (NCSC) latest annual review. Over the past year, the NCSC incident management team responded to 429 cyberattacks, a figure nearly identical to the previous year, but the proportion of attacks classified as 'nationally significant' rose sharply to 204, representing a 48% increase. The number of 'highly significant' attacks, which have a serious impact on central government, essential services, or a large segment of the population, also increased by 50%, reaching 18 incidents. These highly significant attacks are just one step below a national cyber emergency and require coordinated responses from senior government officials and law enforcement. The NCSC categorizes incidents on a six-level scale, with the most severe being those that disrupt critical services or threaten national security. The government has responded to this surge by issuing direct communications to chief executives and business leaders, urging them to take concrete steps to bolster their cyber resilience. This includes the recommendation to maintain physical, offline copies of cyberattack contingency plans, as digital systems may be rendered inaccessible during an incident. The advice comes in the wake of high-profile attacks on major UK companies such as Marks and Spencer, The Co-op, and Jaguar Land Rover, which resulted in empty shelves and halted production lines due to IT system outages. The attack on Jaguar Land Rover, in particular, was described as an economic security incident, with prolonged disruption threatening the government's economic growth objectives. The NCSC's annual review emphasizes the need for organizations to adopt resilience engineering strategies, focusing on the ability to anticipate, absorb, recover, and adapt to cyber threats. Firms are encouraged to plan for operations without IT systems and to develop alternative communication methods in the event of a cyberattack. The review also notes that while the overall number of incidents handled by the NCSC has remained stable, the increasing severity and sophistication of attacks pose a growing threat to national security and economic stability. The British government is taking a proactive stance by alerting industry leaders to the heightened risk environment and the necessity of robust cyber defense measures. The NCSC's chief executive, Richard Horne, has underscored that cybersecurity is now a matter of business survival and national interest. The review's findings have prompted calls for greater collaboration between government, industry, and academia to address the evolving threat landscape. The rise in significant cyberattacks is attributed to more intense, frequent, and sophisticated hostile activity targeting British businesses and critical infrastructure. The NCSC's categorization system helps prioritize response efforts and ensures that the most severe incidents receive the necessary attention and resources. The government’s outreach to business leaders is intended to drive home the urgency of preparing for cyber incidents that could have far-reaching consequences. The review also highlights the importance of learning from recent incidents to improve future response and recovery efforts. Organizations are advised to regularly test and update their contingency plans, ensuring that they are practical and accessible in a crisis. The NCSC continues to provide guidance and support to organizations across the UK, aiming to strengthen the country's overall cyber resilience. The increase in nationally significant and highly significant attacks marks the third consecutive year of rising severity, signaling a persistent and escalating threat. The government’s message is clear: cyberattacks are not just an IT issue but a critical risk to business continuity and national prosperity. The NCSC’s annual review serves as both a warning and a call to action for all sectors to prioritize cybersecurity and resilience in the face of mounting cyber threats.
Mar 21, 2026
Malware Attack Disrupts Passaic County, New Jersey Phone Lines and IT Systems
Passaic County, New Jersey reported a **malware attack** that disrupted county government **IT systems** and caused widespread **phone line outages** across offices serving a population of nearly 600,000. The county indicated phone service went down Wednesday morning and later confirmed the outage was tied to a cyber incident, stating it is working with **federal and state officials** to investigate and contain the intrusion. Officials have not publicly detailed which specific systems were impacted beyond telephony and general IT services, nor attributed the activity to a specific threat actor or confirmed ransomware. County statements also noted that other New Jersey local governments have experienced similar incidents recently, aligning with broader reporting that **municipal and county governments** have remained frequent targets of disruptive malware and ransomware operations.
Mar 21, 2026