When your council gets hacked, real life stops
When your council gets hacked, it’s not just a few computers that go offline – it’s the everyday stuff you rely on without thinking. That’s exactly what’s happening in inner London right now.
Three boroughs – Kensington & Chelsea, Westminster, and Hammersmith & Fulham – have had to trigger emergency plans after a major cyber-attack hit their shared IT systems. Phone lines have been disrupted, online services cut back, and key systems shut down on purpose to stop the attack spreading. Together, those councils serve more than half a million residents.
Investigators from the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) are now involved. At the time of writing, it’s still not publicly confirmed whether residents’ data has been stolen, but the incident is serious enough that systems were taken offline for days while engineers worked through the night.
This is what it looks like when a whole slice of a city suddenly has to run on paper, workarounds and emergency plans.
What actually broke for Londoners?
The three councils share parts of their IT infrastructure, which is great for efficiency – right up until it all goes wrong. Once the cyber-attack was detected, the councils shut down multiple systems as a precaution. That has knock-on effects for residents:
Everyday services suddenly get “please bear with us”
Residents have already been warned to expect slow or disrupted:
- Call centres and main phone lines
- Online forms and self-service portals
- Council tax checks and payment systems
- Parking fine payments and other online transactions
Websites have been up and down as teams patch and rebuild systems. The councils are prioritising “life and limb” services and the most vulnerable residents first – which is exactly what you’d hope, but it also means routine stuff can grind almost to a halt.
The invisible chaos behind the scenes
On the inside, staff can be left without access to:
- Case management systems
- Housing and repairs platforms
- Social care records
- Planning and land search systems
This isn’t just inconvenient. If you can’t see up-to-date records, you can’t process benefits, approve housing moves, or respond properly to safeguarding concerns – at least not without slow, manual workarounds.
This isn’t a one-off – councils are becoming prime targets
If this all feels a bit “surely that’s a freak event?”, it isn’t. UK local government has been in the crosshairs for years.
- Hackney Council (2020): A ransomware attack encrypted around 440,000 files, with disruption lasting well into 2022 and recovery costs running into the millions.
- Redcar & Cleveland (2020): Ransomware effectively collapsed digital services overnight – websites went dark, telephony and business systems were crippled, and recovery cost over £10m.
- Gloucester City Council (2021): A targeted ransomware attack encrypted servers and stopped services that relied on that data, with the ICO later taking enforcement action over security failings.
And it’s not just the UK:
Atlanta, USA (2018): A ransomware attack shut down city services, from court systems to bill payments. The ransom demand was about $50k in Bitcoin – but recovery costs spiralled into the tens of millions.
The pattern is the same: hit a public body that runs critical services, encrypt or disrupt systems, and you don’t just break computers – you break daily life.
Why councils are such tempting targets
Shared IT = shared risk
Kensington & Chelsea and Westminster already share significant parts of their IT infrastructure, and Hammersmith & Fulham plugs into some of the same systems.
That’s efficient when things are going well, but for attackers it’s a force multiplier:
Compromise one shared environment, and you can potentially disrupt three councils at once.
Old systems, tight budgets, high stakes
Most councils juggle:
- Legacy systems built up over decades
- Limited cyber budgets and staff
- Constant pressure to “do more with less”
At the same time, they hold huge volumes of sensitive data – everything from housing and benefits records to social care notes and payment details. That combination of high-value data + under-resourced defences is catnip for cybercriminals.
They know you’ll pay attention
Even when councils refuse to pay ransoms (as Redcar & Cleveland did), attackers still win attention and cause chaos.
If you’re a criminal group trying to prove a point, or a politically motivated outfit trying to make headlines, knocking out part of London’s local government is a very visible way to do it.
What this London attack means for your town
You don’t have to live in Kensington, Westminster or Hammersmith & Fulham for this to matter.
If three relatively well-resourced inner London councils can be hit hard enough to trigger emergency plans, it’s a warning shot for every other local authority – and for the people who rely on them.
Here’s what this episode is really saying:
- No council is “too small” or “too boring” to be a target.
- Shared services spread risk as well as savings.
- Recovery can take months or years, not days. Hackney, Redcar and Gloucester all learned that the hard way.
When your council gets hacked, you feel it in:
- Bins not collected when they should be
- Delayed housing repairs or applications
- Slower responses to complaints and FOI requests
- Confusion about whether your personal data has been stolen
So what can residents actually do?
You can’t patch the council’s servers yourself, but you’re not completely powerless. A few practical steps:
1. Assume your council will be attacked at some point
That doesn’t mean panic – it means being prepared:
- Keep copies of important documents (bills, letters, agreements) somewhere safe.
- Don’t rely on “I’ll just log into the portal” being possible during a crisis.
2. Know the “offline” routes
When systems go down, councils fall back to old-school methods:
- Phone numbers for emergency housing, adult social care and children’s services
- Physical office locations and opening times
- Local councillor contact details
It’s worth bookmarking or even printing these while things are calm.
3. Watch for follow-on scams
After any big public cyber incident, scammers pile in with fake emails and texts pretending to be from the affected organisation.
Be extra suspicious of:
- “We need you to verify your details because of the recent cyber incident” messages
- Links asking you to re-enter bank details or passwords
- Unexpected “refunds” or “rebate” notifications
Go directly to the official website or phone line instead of clicking links, especially in the weeks after a high-profile attack.
4. Push (politely) for better cyber security
Councils are political bodies. They respond to pressure.
- Ask your local councillors what the authority is doing on cyber security.
- Support investment in modernising systems and training staff.
- Respond to consultations that mention digital transformation or IT changes.
It’s not as flashy as a new leisure centre, but robust cyber security is now basic infrastructure, just like roads and bins.
The takeaway – “local” cyber-attacks don’t stay local
The London councils incident isn’t just a tech story; it’s a preview. As more councils share IT, move services online and live inside tight budgets, the question isn’t if another council gets hacked, but when – and how well they cope when it does.
For half a million Londoners, that question just stopped being theoretical.
For everyone else, this is your early warning.