Published: Wednesday 17 December 2025
Cyber attack and data breach update, December 2025
We are providing a further update for residents and partners, following a cyber attack halted by our security systems on Monday 24 November 2025.
What we now know
Following extensive investigation with cyber-security specialists from NCC Group and independent forensic experts, we can confirm that this was a cyber attack with criminal intent, with data copied and taken away.
Our cyber security team detected and contained the attack quickly. There is no evidence of any lateral movement, so we believe the attack was stopped before it spread to third party systems that help us provide services and store data.
We confirmed a data breach with the Information Commissioner's Office at the earliest opportunity. We are now investigating that breach for any sensitive data – small samples show that some of the resident data copied is likely to contain sensitive data and personal information.
It is possible any data copied and taken from us could be misused or published. We are planning accordingly for this, working with law enforcement at every step.
Please read and follow National Cyber Security Centre advice on keeping your data safe and what to do if you are worried about a data breach.
We are taking steps to work through the data in accordance with ICO and legal rules and will be in touch with residents directly. We recognise the sensitivity and importance of this work.
What our work involves
Checking details in files that may have been accessed, much of this will yield nothing, but we want to make sure we turn over every stone.
Prioritising checks for any sensitive personal data or information about vulnerable individuals, but it will take months to check everything thoroughly.
Coordinating with Westminster City Council and London Borough of Hammersmith & Fulham, and working with law enforcement agencies and the National Cyber Security Centre to track data and any criminality.
Our approach is to be open and transparent at every step, but also to not cause unnecessary alarm where it may not be warranted, or compromise an ongoing criminal investigation.
Why has the Council been attacked?
Investigations are still ongoing, but it is not unusual for councils and other public sector organisations to be targeted in cyber attacks – especially by criminals looking for personal information or sensitive data.
In fact most local authorities are under constant attack. In 2024, the local government sector reported over 150 incidents to the Information Commissioner's Office.
Here at RBKC we deal with cyber crime related activity and issues on an almost daily basis. For example, between June and September this year, the Council intercepted and isolated over 113,000 phishing attempts, mainly by email. We spend £12 million a year on Digital, Data, and Technology, but this is the first time in our history an attack has been so disruptive.
Support for residents and partners
We have already written to over 100,000 households with guidance on what to do if you are worried about the breach. Translated versions are also available.
We have extensive updates on our website, and FAQs are updated daily.
We continue to direct people to trusted advice from the National Cyber Security Centre on protecting yourself from fraud, scams, or identity misuse, and what to do when an organisation suffers a data breach at the hands of cyber criminals.
We encourage everyone to be vigilant. Criminals may use information obtained from this breach to make scams seem more legitimate. Please take extra care with:
- unexpected emails or messages requesting financial or personal information
- links or attachments you were not expecting
- contacts claiming to be the Council but asking you to provide sensitive details
If in doubt, use our published contact routes rather than replying directly.
Impact on your services
Some of our systems remain disrupted, or are operating using temporary arrangements.
These means:
- slower services response times and some phones lines out of action
- difficulties in revenue and benefits processing
- housing and social care administration issues
- payments and Direct Debit collections delayed, but please do expect us to still collect as soon as systems are back online
We're working to restore all systems securely, but this will take time. Essential services, including those supporting vulnerable residents, are being prioritised.
Our customer service centre is open, and we continue to be open for business. You trust us to run services day in and day out, and we continue to do this using well-rehearsed back-up plans.
Next steps
Our investigation is ongoing and will take several months, due to the complex nature of the attack and the data involved, and the need to restart many of our systems.
We are committed to sharing accurate updates as soon as new information becomes available.
We will write to people if they are impacted by the data breach.
We continue to work closely with law enforcement and cybersecurity agencies here and internationally to investigate the incident.
We understand this is a worrying situation, and we thank residents, local partners, and our own staff for their patience and cooperation.
We will be establishing a cyber recovery team in the coming weeks, and further updates will be available on our website. Our staff are here and ready to help.