Kensington and Chelsea Borough Council alerted residents to a possible cyber attack on the borough’s shared IT systems, which could lead to stolen personal information being used by scammers and fraudsters. The council advised residents to be aware of their surroundings and to report anything unusual. A week prior to the cyber attack, 3 councils – Kensington and Chelsea Borough Council, Westminster City Council, and Hammersmith & Fulham Borough Council – all suffered an outage of their shared IT systems.
Hackers gained entry to the system and copied historical data from the systems
As of December, the council sent letters to over 100,000 households. Letters told residents to be careful of:
- Unsolicited emails, texts, or phone calls claiming to be from the council
- Links and attachments received by email
- Suspicious transaction activity on bank and other accounts
Households must contact the National Cyber Security Centre (NCSC) if they suspect something is amiss.
Letters also cautioned residents that hackers could utilize the stolen information to create false emails or messages that appear legitimate. Residents were urged to verify the authenticity of any contact from the council and never reply to unsolicited messages or requests.
Police, National Cyber Security Centre, and Information Commissioner working together
Metropolitan Police Service, National Cyber Security Centre, Information Commissioner’s Office, and cyber security firms are assisting the council in determining where the data breach occurred, what kind of data was stolen, and how much of it exists.
Identification and containment of the attack
Although the council states that its cyber defense system quickly identified and contained the attack, which stopped hackers from encrypting the stolen data and allowed council employees to access the data internally, the fact that copies of the stolen data exist means there is a high probability that the data will be released or utilized.
Many of the council’s services have been disrupted due to the shared IT system outage. While some systems are back to normal, other systems are still down or functioning at a reduced level. The council is using manual processes to continue providing essential services, although residents can expect delays.
Concerns regarding the length of the service disruption
The council expressed concern regarding the length of time that services would be disrupted while the council continues to work towards restoring services. She stated that council employees are doing their best to answer questions from residents and minimize disruptions; however, it will likely be weeks before normal operations resume. Experts say that when neighboring municipalities have linked systems, the risk is much greater. Once an attacker gains access to a network, they can easily traverse between adjacent networks.
Kensington and Chelsea Borough Council provided the following steps for residents to protect themselves:
- Do not click on links or open attachments received in unsolicited emails
- Monitor your financial statements and credit reports
- Contact the NCSC or the council via approved contact methods if you notice any suspicious activity.
Steps to avoid successful scams are important, and these steps align with national best practices for cybersecurity. Councils across the country are facing increasingly difficult decisions as to how to provide digital innovation and cybersecurity protection for residents, while continuing to function under strained budget conditions.
Although Kensington and Chelsea Borough Council invested heavily each year in IT and security, the attackers were able to succeed. This breach not only exposes the vulnerability of municipal IT systems but also the importance of swift action and notification of residents who may be affected by a breach.
