Three West London boroughs have promised a comprehensive review of their shared IT arrangements following a major cyber incident that disrupted services and led to evidence of data theft.
Westminster City Council, the Royal Borough of Kensington and Chelsea (RBKC), and Hammersmith and Fulham Councils confirmed that hackers accessed and copied residents’ personal data. In response, leaders across the boroughs have pledged to conduct an independent review of their shared services model, examining both governance and resilience “when the time is right”.
Council representatives said the review will:
• Assess vulnerabilities in the shared IT infrastructure.
• Scrutinise contractual arrangements with service providers to ensure accountability.
• Recommend reforms to strengthen cyber resilience and protect residents’ data.
• Report publicly on findings to maintain transparency and rebuild trust.
Services Still Disrupted
While the councils work to restore systems, residents continue to face disruption with online portals for housing and benefits still unavailable and-customer service lines have been intermittently down. Meanwhile, the Local Government Ombudsman has paused new complaints against the affected councils to allow recovery efforts. The councils said that it may take months for its systems to be running as normal.
The leader of Kensington and Chelsea Council, Elizabeth Campbell, said the authority is working with the Information Commissioner and the National Cyber Security Centre (NCSC), to establish what happened.
