Info Gov

Three West London boroughs have promised a comprehensive review of their shared IT arrangements following a major cyber incident that disrupted services and led to evidence of data theft.

Westminster City Council, the Royal Borough of Kensington and Chelsea (RBKC), and Hammersmith and Fulham Councils confirmed that hackers accessed and copied residents’ personal data. In response, leaders across the boroughs have pledged to conduct an independent review of their shared services model, examining both governance and resilience “when the time is right”.

Council representatives said the review will:
• Assess vulnerabilities in the shared IT infrastructure.
• Scrutinise contractual arrangements with service providers to ensure accountability.
• Recommend reforms to strengthen cyber resilience and protect residents’ data.
• Report publicly on findings to maintain transparency and rebuild trust.

Services Still Disrupted
While the councils work to restore systems, residents continue to face disruption with online portals for housing and benefits still unavailable and-customer service lines have been intermittently down. Meanwhile, the Local Government Ombudsman has paused new complaints against the affected councils to allow recovery efforts. The councils said that it may take months for its systems to be running as normal.

The leader of Kensington and Chelsea Council, Elizabeth Campbell, said the authority is working with the Information Commissioner and the National Cyber Security Centre (NCSC), to establish what happened.

Also in this section

Jul 16, 2026

Scattered Spider pair jailed over TfL hack

Two members of the Scattered Spider hacking collective have each been jailed for five and a half years at Woolwich Crown Court on 16 July over a 2024 cyber attack on Transport for London that compromised the personal data of millions of customers and cost the transport authority £39 million.
Jul 15, 2026

Government introduces mandatory data breach reporting protocol

The Cabinet Office has published a Model Action Plan setting out a single cross-government framework that all departments and arms-length bodies must follow when responding to significant personal data breaches, introducing mandatory central reporting of such incidents for the first time.
Jun 29, 2026

"Five eyes" warn on accelerating cyber security threat from AI

The National Cyber Security has called on organisational leaders to treat cyber resilience as a core business and governance responsibility rather than a technical matter in the light of a report by the Five Eyes intelligence alliance on the "fundamental" impact of AI on the speed and scale of cyber threats.
Jun 15, 2026

Government AI hackathons uncover 407 vulnerabilities across nine departments, including critical remote code execution flaw

A pilot programme using frontier AI models to scan public-sector code repositories has identified 407 security findings across nine government organisations, including a critical vulnerability that could have allowed an external attacker to execute arbitrary code on a key digital service, the Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC)…

InfoGov Masthead Newsletter 800