Cyber security attack FAQs

Discovery and investigation

When we discovered the attack: We discovered unusual activity on the morning of Monday 24 November and immediately took action. The cyber security attack impacted Kensington and Chelsea Council, Westminster City Council, and Hammersmith and Fulham Council – who all share a number of IT systems and services as part of shared service agreements.

Immediate actions we took: After discovering the unusual activity, we took all immediate steps including isolating systems to make them as safe as possible. We have followed all steps since that time, and in line with advice from experts from the National Cyber Security Centre, our own contractors NCC Group, relevant regulators and the Met Police.

Data that has been taken: We have obtained evidence that shows some data has been copied and then taken away. We are currently assessing that data with a dedicated specialist team.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

Lost data: We still have access to this information. A copy has been taken, but the data has not been encrypted by an attacker or third party.

Who is responsible for the attack: We don’t have all of the answers yet, so it’s too early to say who did this and why. We are working with the Met Police, Information Commissioners Office, the National Cyber Security Centre, and all relevant regulators.

Steps we’re taking to investigate: This is ongoing, and we are working alongside experienced IT and cyber experts and following all guidance from National Cyber Security Centre.

How our systems were protected: We spend over £12 million annually on IT and security systems. In this case, our systems did as they were supposed to allowing us to detect the attack and take action.

When services will return to normal: The Council is still facing weeks of disruption, and it may take months to get all services back up and running.

Services affected by the incident: We have started to bring systems and services back with safety and data protection as a priority. Many key on-street services, such as our twice weekly bin collections and street cleaning, are continuing as before, but other more digitally-reliant systems are disrupted.

Data and security

Information that could be compromised: We are continuing to check this and also to prioritise searches for any personal or financial details of residents, customers and service users.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

Changing passwords: Follow the advice given by the National Cyber Security Centre on what to do if you have an account or any details with an organisation that has been targeted in a cyber attack and has had a data breach. It is always wise to have unique and strong passwords, to use multi factor authentication and update your software. We would invite all residents to think about the safety of their data – and be alert and report any scams to the relevant authorities.

Information shared online: It is possible that the data copied and taken could end up in the public domain. Our current understanding is this has not taken place, but we are monitoring the situation alongside police.

Protecting yourself: We are encouraging all residents, customers and service users to be extra vigilant when called, emailed or sent text messages. You can also follow the National Cyber Security Centre’s advice on keeping your data safe and what to do if you are worried about this data breach.

If you think you’re a victim of identity theft: Call the police and report it as a crime. Where there has been a possible breach relating to an incident, the National Cyber Security Centre advises forwarding any suspicious emails to [email protected] and text messages to 7726, which is a free service.

Contacting other organisations, such as your bank or utilities: We believe the cyber attack only impacts our systems.

Affected data: We are still working hard to understand what is in the data, and who it might impact. We expect this to take some months.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

Find out more from our latest data update.

What data we hold about you: If you are particularly concerned, you can submit a formal subject access request to the Council, but please be aware that collating such information will take some time due to the incident and we may not be able to meet our normal service levels.

Resident support

How to contact us

You can call us using our contact details, or visit us at the Customer Service Centre:

Customer Service Centre
Kensington Town Hall
Hornton Street
London
W8 7NX

Monday to Friday, 9am to 5pm

Our Housing Repairs reporting phone line is up and running and well-staffed.

Details of our response teams: From Monday 24 November, we set up our Emergency Response programme and Gold command overseeing a cross-council team drawn from different services to ensure a fast-paced, coordinated response to the incident. Our IT team, together with our cyber security advisers NCC Group, worked around the clock to understand the attack, mitigate it, and then start bringing systems back online.

We now have moved from an emergency response to an ongoing recovery effort which is now helping frontline services return to normal. This will take time but we are prioritising services that have most impact on residents and businesses.

Payment disruptions and your rights: This does not affect your rights.

How to pay your rent and service charge

If you pay by Direct Debit

We’ve fixed the housing management Direct Debit system so payments due from 21 December 2025 onwards will be taken as usual.

If we missed your payment on 28 November, 7 December or 15 December we will make arrangements to collect these payments.

for tenants making rent payments we will contact you early in the new year to agree arrangements to collect payment for the missed Direct Debit(s)
for leaseholders paying service charge or major works contributions we will spread your missed payment(s) across your remaining payments for this financial year. We will write to you shortly with your new payment schedule

We are aware some housing associations are sending letters regarding rent arrears to tenants. This is usually an automated message and will usually be followed by reassurance from your housing association that they are aware of the cyber attack and the reason for the delay to your rent payments.

If you have specific concerns regarding communication from your housing association or landlord, contact them directly in the first instance.

If you pay another way

You should carry on making payments if you usually pay another way. You can't pay online, but you can set up a standing order or pay using our automated payment line.

automated payment line: 020 3974 4670

Support available for council tenants and estates: All our estate caretaking services and other estate services are working normally. Our housing offices at Worlds End, Lancaster West and the reception at Malton Road remain open.

Receiving Housing Benefit or DHP payments

Housing Benefit

The Revenues and Benefits systems have been offline since the cyber-attack in November 2025. Housing Benefit payments have now been made to residents in private rented, housing association, RBKC Housing Management and Temporary Accommodation properties up until Sunday 05th April 2026 using an emergency process, with the last payment covering entitlement up to 5th April 2026.

As we transition back to using our Revenues and Benefits system with the utmost caution and security, we regret that there will be a delay in making the next Housing Benefit payment. The next payment is expected to be issued at the end of May.

The Council wishes to apologise for the inconvenience that this delay may cause.

Discretionary Housing Payments – DHP

At the end of March we made a payment of any DHP amounts due up to 29th March 2026.

Unfortunately, there will be a delay in making any further Discretionary Housing Payments until the end of May. This is to enable the Council to transition safely and securely back to using our Revenues and Benefits system
The Council wishes to apologise for the inconvenience that this delay may cause.

Where to find further support and information: The latest information about the incident will be published on our newsroom. You can find up-to-date contact details on our website.

Services

Council tax bills for 2026 to 2027

We apologise for the delay in issuing Council Tax bills for the 2026/27 financial year. This delay has been caused by a cyber-attack on the Council in late November 2025, which affected several systems, including Revenues and Benefits and systems which had to be taken offline.

We are expecting to send your annual council tax bill in May with your instalments to start in June. When you receive your bill, your instalments will be different due to us having to send the bill later than usual:

monthly payments: June to March
quarterly payments: June, September, December and March
half yearly payments: June and November
yearly payment: June

Your bill will not include changes reported from November 2025. If you have already informed us of updates, no further contact is needed. We will send a revised bill in the subsequent weeks if necessary. Please note our phone lines will be very busy during this period.

Who to contact about specific services

You can find service-by-service contact details and updates online.

We are experiencing some issues with our phone lines, so please bear with us.

We are also updating our frequently asked questions regularly.

Paying for parking: We are selling resident parking permits, arranging parking suspensions and taking payment for Pay-by-Phone visitor parking as usual.

We are issuing penalty charge notices in the normal way, and the early payment discount still applies.

Planning applications and land charge searches: Our planning system is back online.

Please bear with us while we manage a backlog of 1,700 planning applications and 600 land charge searches.

See more information specifically about our planning systems in our newsroom.

What this means for temporary accommodation: We are able to renew temporary accommodation.

Business rates and council tax collection

Business rates and council tax are still due and payable.

Our council tax and business rates system is still not fully up and running but we can accept payments safely and securely by bank transfer:

The Royal Borough of Kensington and Chelsea General Account
NatWest Bank PLC
London Corporate Service Centre
2nd Floor 2 1/2 Devonshire Square
London EC2M 4BA

For council tax

Sort code: 57-20-24
Account No: 00000000
Reference: Use your council tax account reference number which can be found at the top of your bill when making payment.

For Business Rates

Sort code: 57-20-32
Account No: 00000000
Reference: Use your Business Rates account reference number which can be found at the top of your bill when making payment.

If you are new to the borough and awaiting a bill, please be aware this may take some time and we recommend setting aside funds in your bank to cover the upcoming bill.

We continue to work hard to restoring the council tax and Business Rates systems and will continue to provide updates on our website with our progress.

If you are unable to pay the balance for 2025/26, once you receive your annual bill for 2026/27 please contact the department and we can discuss repayment.

If you are new to the borough and have advised us that you have moved in and are waiting for a bill, please be aware this may take some time. We recommend setting aside funds in your bank to cover the upcoming bill.

We continue to work hard to restoring the council tax and Business Rates systems and will continue to provide updates on our website with our progress.

Make a safeguarding referral: Our website has been updated with direct contact details should you be worried about a child’s safety and welfare.

If you're a foster carer: The cyber-attack coincided with the weekly pay-run for our internal foster carers. We are currently working on a solution to enable payments to our foster carers to be made and all payments due will be updated and paid.

Ongoing court action: If we are currently in care proceedings, we hope that you are being supported by a legal advocate. We are doing all that we can to ensure that hearings go ahead and to avoid any unnecessary court delays.Hospital discharges and who to contact

Adult social care help: Our adult social care teams are working alongside NHS partners to support people in this situation, but do contact us if you require help and advice.

Reporting anti-social behaviour, street issues, or waste concerns: Please email details to [email protected].

Booking an event or street closure: To notify the Council of your event, please contact our special events team by email at [email protected] or submit an application via this externally-hosted system. We can advise of any relevant permissions required and can facilitate road closures and parking suspensions for events as normal, but will need plenty of advance notice. Please contact the special events team via email to make a request and receive specific guidance.

Emergency funding: All payments for client affairs are being made. If you are expecting a payment from us in relation to housing benefits and discretionary housing payments, you may not receive it from us on time. We’re working to fix this as quickly as possible, but can't confirm a date yet.

What school staff need to know: We are working closely with headteachers on this issue.

Disabled Badges: Unfortunately, we do not currently have access to our disabled badge system following the cyber attack and therefore are unable to process applications or issue Blue or Purple Badges.

Residents with a Purple Badge which has expired from 1 October 2025, or is due to expire soon, should continue displaying their current Purple Badge. We have told parking enforcement officers not to issue penalty charge notices (parking tickets) to Purple Badge holders with recently expired badges, and this will remain in place until our systems are back up and running.

If you have any questions, email [email protected] or call 020 7361 2390.

Impact on Freedom of Information and Subject Access Requests: Our responses to Freedom of Information requests (FOIs) and Subject Access Requests (SARs) may be delayed while we continue to investigate the cyber attack and confirm its impact. We have notified the Information Commissioner's Office of the incident and will share more information as it becomes fully available.

Communication

How we'll update you: The latest information about the incident will be published on our website. Find up-to-date contact details. We will also be updating social media channels – https://www.instagram.com/kensingtonandchelseacouncil and https://www.x.com/rbkc – and providing information in print.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

When we informed residents about the cyber attack: As soon as we knew our systems had been compromised, we let the public know.

We further updated again when we learned there had been a data breach, and informed the Information Commissioner’s Office.

We do not yet have the full picture of what data has been copied and whether that includes any personal details at this stage, but we are working hard on this.

Review of how the incident happened: We will as a matter of course be reviewing what happened. Right now, we are focused on tackling the issues the attack has created and getting services fully running and systems back online.

Make a complaint

If you would like to make a complaint about our council services, email [email protected].

Include as much information as possible, including:

your name and address
contact details
what you think we have done wrong
how it's impacted you
what you think we should do to put it right

It's also helpful to know if you have contacted us about this issue before and when.

Last updated: 1 May 2026

On this page