Cyber security incident FAQs

Below is a list of the most asked questions. If you have any other questions regarding the incident please contact us.

The incident

When and how did you discover there had been a cyber attack?

We discovered unusual activity on the morning of Monday 24 November and immediately took action. The cyber security attack impacted Kensington and Chelsea Council, Westminster City Council, and Hammersmith and Fulham Council – who all share a number of IT systems and services as part of shared service agreements.

What action did you take?

After discovering the unusual activity, we took all immediate steps including shutting down and isolating systems to make them as safe as possible. We have followed all steps since that time, and in line with advice from experts from the National Cyber Security Centre, our own contractors NCC Group, relevant regulators and the Met Police.

Has any data been taken? If so, what is it?

We have obtained evidence on our systems that shows some data has been copied and then taken away. We are currently checking whether it contains any personal or financial details of residents, customers and service users, but this will take some time.

Have you lost the data?

No. We still have access to this information. A copy has been taken, but the data has not been encrypted by an attacker or third party.

Who is responsible?

We don’t have all of the answers yet, so it’s too early to say who did this and why. We are working with the Met Police, Information Commissioners Office, the National Cyber Security Centre, and all relevant regulators.

What steps are being taken to investigate the incident?

This is ongoing, and we are working alongside experienced IT and cyber experts and following all guidance from National Cyber Security Centre.

Why was the Council not better protected against this attack?

We spend over £12 million annually on IT and security systems. In this case, our systems did as they were supposed to allowing us to detect the attack and take action.

How long until things are back to normal?

The Council is facing weeks of disruption, and it may take months to get all services back up and running.

What services are affected?

We have started to bring systems and services back with safety and data protection as a priority. Many key on-street services, such as our twice weekly bin collections and street cleaning, are continuing as before, but other more digitally-reliant systems are disrupted.

Data and security concerns

What information of mine could be compromised?

We are continuing to check this and also to prioritise searches for any personal or financial details of residents, customers and service users. We will be in touch if we find anything.

Do I need to change any passwords?

Follow the advice given by the National Cyber Security Centre on what to do if you have an account or any details with an organisation that has been targeted in a cyber attack and has had a data breach. It is always wise to have unique and strong passwords, to use multi factor authentication and update your software. We would invite all residents to think about the safety of their data – and be alert and report any scams to the relevant authorities.

Has this information been shared online?

It is possible that the data copied and taken could end up in the public domain. Our current understanding is this has not taken place, but we are monitoring the situation alongside police.

What steps can I take to protect myself?

We are encouraging all residents, customers and service users to be extra vigilant when called, emailed or sent text messages. You can also follow the National Cyber Security Centre’s advice on keeping your data safe and what to do if you are worried about this data breach.

What should I do if I discover I’ve been a victim of identity theft?

Call the police and report it as a crime. Where there has been a possible breach relating to an incident, the National Cyber Security Centre advises forwarding any suspicious emails to [email protected] and text messages to 7726, which is a free service.

Do I need to contact any other organisations, such as my bank or utilities suppliers?

We believe the cyber attack only impacts our systems.

Could the data leaked reveal my location?

We are still working hard to understand what is in the data, and who it might impact. This will take time.

How can I find out what information you hold about me?

If you are particularly concerned, you can submit a formal subject access request to the Council, but please be aware that collating such information will take some time due to the incident and we may not be able to meet our normal service levels.

Resident support

What is the best way for me to contact you?

You can call us using the contact details on our website, or by visiting the Customer Service Centre (CSC) at Kensington Town Hall between 9am and 5pm, Monday to Friday. The CSC will also be open from 10am until 4pm this weekend (Saturday 6 and Sunday 7 December) for urgent in-person queries only. Our Housing Repairs reporting phone line is up and running and well-staffed.

Do you have a dedicated team dealing with this incident?

We do. Since Monday 24 November, we have set up our Emergency Response programme and have a Gold command overseeing a cross-council team drawn from different services to ensure a fast paced, coordinated response to the incident. Our IT team, together with our cyber security advisers NCC Group, has worked around the clock for days to understand the attack, mitigate it and then start bringing systems back online.

If you are unable to take any payments will this affect my rights?

No, this does not affect your rights.

Will you take action if I can’t pay my rent to the council at the normal time?

No one will be subject to rent arrears action because of rent due which cannot be collected because of the current cyber issues.

I’m a Council tenant. Is there any support available on my estate or in my neighbourhood?

Yes – all our estate caretaking services and other estate services are working normally. Our housing offices at Worlds End, Lancaster West and the reception at Malton Road remain open.

Where can I find more information to help?

The latest information about the incident will be published on our newsroom. You can find up-to-date contact details on our website.

Services

Who do I contact if I have questions or concerns about a specific service?

You can find service-by-service contact details and updates online. Please be aware that we are experiencing some issues with our phone lines, so please bear with us. We are also updating a set of frequently asked questions regularly on our website.

Should I still pay for parking?

Yes, we are selling resident parking permits, arranging parking suspensions and taking payment for Pay-by-phone visitor parking as usual. We are issuing penalty charge notices in the normal way, and the early payment discount still applies.

Can I submit a planning application?

Yes, but we are currently unable to start processing it so you will not receive an acknowledgement.

I am in temporary accommodation – will my accommodation be renewed?

We are able to renew temporary accommodation.

Will business rates be collected?

Business rates and council tax are still due and payable. Unfortunately, collection by Direct Debit is temporarily unavailable, however all other payment methods remain operational and secure. It is important you continue paying in accordance with your bill as missed payments may lead to recovery action being taken once systems are restored. If you are new to the borough and awaiting a bill, please be aware this may take some time and we recommend setting aside funds in your bank to cover the upcoming bill.

How do I make a safeguarding referral if those systems or phone lines are not working?

Our website has been updated with direct contact details should you be worried about a child’s safety and welfare.

I am a foster carer, will I be paid, and what do I need to do?

The cyber-attack coincided with the weekly pay-run for our internal foster carers. We are currently working on a solution to enable payments to our foster carers to be made and all payments due will be updated and paid.

Does this incident impact personal budgets? Will the Council contact me?

Where possible, there will be no impact on personal budgets. If you are experiencing issues regarding direct payment, please contact the direct payments finance team by emailing [email protected] as we are not currently able to access clients’ direct contact details.

You are taking me to court, will this still happen?

If we are currently in care proceedings, we hope that you are being supported by a legal advocate. We are doing all that we can to ensure that hearings go ahead and to avoid any unnecessary court delays.

You collect my money via Direct Debit, is that still safe? What should I do if I get a bill in error or if I spot any issues with my payments?

If you pay business rates, service charges, rent, council tax or other invoices by Direct Debit, your payment will not be taken on the usual date. It will be taken later once our systems are back online. You should keep the funds in your account so the payment can be collected when the service resumes, or you may wish to use an alternative payment method instead.

I am due to be discharged from hospital, or I have just been discharged. Will this impact me? Who can I contact?

Our adult social care teams are working alongside NHS partners to support people in this situation, but do contact us if you require help and advice.

How do I report anti-social behaviour or an issue with streets, pavements, and waste collection?

Please email details to [email protected].

I want to book an event or a street closure. How do I do that?

To book an event, please contact our special events team by email at [email protected] or submit an application via this externally-hosted system. We currently have no way to process new applications for road closures.

Will the Council provide emergency funding for people who have not received payments?

All payments for client affairs are being made. If you are expecting a payment from us in relation to housing benefits and discretionary housing payments, you may not receive it from us on time. We’re working to fix this as quickly as possible, but can't confirm a date yet.

I work at a school, do I need to do anything?

No, we are working closely with headteachers on this issue.

Communication

How and where will you update us on the situation? How can I stay up to date?

The latest information about the incident will be published on our website. You can find up-to-date contact details at https://www.rbkc.gov.uk/contact-us/call-or-email-us. We will also be updating social media channels – https://www.instagram.com/kensingtonandchelseacouncil and https://www.x.com/rbkc – and providing information in print.

Why were we not informed about the incident as soon as it happened?

As soon as the Council knew our systems had been compromised we let the public know. We further updated again when we learned there had been a data breach, and informed the Information Commissioner’s Office. We do not yet have the full picture of what data has been copied and whether that includes any personal details at this stage, but we are working hard on this.

Will there be a review into how this incident happened?

Yes, we will as a matter of course be reviewing what happened, how, and what we can do to prevent such attacks in the future. Right now, we are focused on tackling the issues the attack has created and getting services fully running and systems back online.

I want to complain, how do I do that?

If you would like to complaint about a Council Service, please send your complaint to [email protected]. Please make sure you include as much information as possible and be sure to include your name, address, contact details, what you think the Council has done wrong, how has it impacted you and what you think the Council should do to put it right. It is also helpful to know if you have you contacted the Council about this issue before and, if so, when.