Systems at one London council are not likely be up and running until the end of the week, a memo seen by the Local Democracy Reporting Service warns
Multiple London councils are believed to have been targeted in cyber attacks in the past 24 to 48 hours.
Staff at Hackney Council were sent an urgent communication on Tuesday morning (November 25), warning them against phishing and social engineering attack methods, though the East London council is understood not to have been hit itself.
A missive, seen by MyLondon and the Local Democracy Reporting Service (LDRS), stated: “We have received intelligence that multiple London councils have been targeted by cyber-attacks within the last 24-48 hours, with potential disruption to systems and services. We are escalating our internal cyber threat level to critical. Your immediate cooperation is essential to protect the council and the data of our residents.”
Council workers have been reminded not to open suspicious emails, click on unusual links, or verify unusual requests.
The LDRS has also seen an internal memo by Westminster City Council saying it shut down all its networks as a precautionary measure following a “cyber security incident”. It is not clear who is suspected of carrying it out, however, the memo does say affected systems are unlikely to be up and running until the end of this week.
The note says Microsoft Teams and Outlook remain unaffected by the shutdown and that adult and children’s social care is running “as usual”. The council’s Emergency Duty Team for out-of-hour support is also operating.
It is understood the council triggered “business continuity arrangements” and an emergency response. It is also understood that executive directors and senior managers are providing advice and support to affected service areas.
The memo warns of longer waiting times for residents and “partners” trying to get in touch with the council.
It comes as the council today (November 25) said in a post on X it is aware of an issue “which will affect your ability to contact us” either via the contact centre or online through services such as Report It
“We apologise for any inconvenience caused and are communicating with our partners to understand when we should expect services to return,” the post continued.
Anyone needing to report an immediate emergency issue is being told to email [email protected].
The Royal Borough of Kensington and Chelsea has written on X to say it is experiencing a “serious IT issue”. The council did not go into further detail about the nature of the issue, which it first revealed publicly in another statement on X at 1.10pm on Monday (November 24).
The latest statement, posted today at 10.51am, says: “We’re continuing to experience a serious IT issue that will affect your ability to get in touch with us, either through phone or through some online tools. We’re working internally and with our partners to investigate. If you need to get in touch with us https://rbkc.gov.uk/contact-us/call-or-email-us.”
RBKC works collaboratively with Westminster City Council in several areas. Staff at Westminster received a memo this morning confirming their own IT system had been shut down as a precautionary measure due to a cyber security incident.
Meanwhile, the Mayor of London, Sadiq Khan, said he was unaware of the attack when asked by the LDRS earlier today.
He said City Hall is helping councils build better cyber resilience through the London Office of Technology and Innovation, the national cyber security agency and the National Crime Agency to learn lessons from previous the attacks like the one on Transport for London, Marks and Spencer and Heathrow Airport.
He said: “We are trying to encourage councils to have better resilience but the reality is, I’m afraid, those who breach protections are going to try more and more ways to get into those systems. We’re going to make sure we’re resilient, that means making sure we have the right safeguards in place.”
He added: “We’re making sure councils learn best practice from us.”
Hackney Council was hit by a serious cyber attack in 2020 that led to hackers gaining access to and encrypting 440,000 files, affecting at least 280,000 residents and other individuals including staff. The Information Commissioner’s Office reprimanded the council last year over the incident, saying it found “examples of a lack of proper security and processes to protect personal data”.
Westminster City Council and Kensington and Chelsea Council, the Metropolitan Police, The National Crime Agency and the Information Commissioners Office have all been contacted for comment.
Have you been affected by this? If so, contact Adrian at [email protected] or Callum at [email protected]
? Sign up to our daily newsletters for all the latest and greatest from across London here
