Cyber security attack FAQs

Discovery and investigation

When we discovered the attack: We discovered unusual activity on the morning of Monday 24 November and immediately took action. The cyber security attack impacted Kensington and Chelsea Council, Westminster City Council, and Hammersmith and Fulham Council – who all share a number of IT systems and services as part of shared service agreements.

Immediate actions we took: After discovering the unusual activity, we took all immediate steps including isolating systems to make them as safe as possible. We have followed all steps since that time, and in line with advice from experts from the National Cyber Security Centre, our own contractors NCC Group, relevant regulators and the Met Police.

Data that has been taken: We have obtained evidence that shows some data has been copied and then taken away. We are currently assessing that data with a dedicated specialist team.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

Lost data: We still have access to this information. A copy has been taken, but the data has not been encrypted by an attacker or third party.

Who is responsible for the attack: We don’t have all of the answers yet, so it’s too early to say who did this and why. We are working with the Met Police, Information Commissioners Office, the National Cyber Security Centre, and all relevant regulators.

Steps we’re taking to investigate: This is ongoing, and we are working alongside experienced IT and cyber experts and following all guidance from National Cyber Security Centre.

How our systems were protected: We spend over £12 million annually on IT and security systems. In this case, our systems did as they were supposed to allowing us to detect the attack and take action.

When services will return to normal: The Council is facing weeks of disruption, and it may take months to get all services back up and running.

Services affected by the incident: We have started to bring systems and services back with safety and data protection as a priority. Many key on-street services, such as our twice weekly bin collections and street cleaning, are continuing as before, but other more digitally-reliant systems are disrupted.

Data and security

Information that could be compromised: We are continuing to check this and also to prioritise searches for any personal or financial details of residents, customers and service users.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

Changing passwords: Follow the advice given by the National Cyber Security Centre on what to do if you have an account or any details with an organisation that has been targeted in a cyber attack and has had a data breach. It is always wise to have unique and strong passwords, to use multi factor authentication and update your software. We would invite all residents to think about the safety of their data – and be alert and report any scams to the relevant authorities.

Information shared online: It is possible that the data copied and taken could end up in the public domain. Our current understanding is this has not taken place, but we are monitoring the situation alongside police.

Protecting yourself: We are encouraging all residents, customers and service users to be extra vigilant when called, emailed or sent text messages. You can also follow the National Cyber Security Centre’s advice on keeping your data safe and what to do if you are worried about this data breach.

If you think you’re a victim of identity theft: Call the police and report it as a crime. Where there has been a possible breach relating to an incident, the National Cyber Security Centre advises forwarding any suspicious emails to [email protected] and text messages to 7726, which is a free service.

Contacting other organisations, such as your bank or utilities: We believe the cyber attack only impacts our systems.

Affected data: We are still working hard to understand what is in the data, and who it might impact. This will take time.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

What data we hold about you: If you are particularly concerned, you can submit a formal subject access request to the Council, but please be aware that collating such information will take some time due to the incident and we may not be able to meet our normal service levels.

Resident support

How to contact us: You can call us using the contact details on our website, or by visiting the Customer Service Centre (CSC) at Kensington Town Hall between 9am and 5pm, Monday to Friday. The CSC is closed 25 to 28 December.

Details of our response teams: Since Monday 24 November, we have set up our Emergency Response programme and have a Gold command overseeing a cross-council team drawn from different services to ensure a fast paced, coordinated response to the incident. Our IT team, together with our cyber security advisers NCC Group, has worked around the clock for days to understand the attack, mitigate it and then start bringing systems back online.

Payment disruptions and your rights: This does not affect your rights.

How to pay your rent and service charge

If you pay by Direct Debit

We’ve fixed the housing management Direct Debit system so payments due from 21 December 2025 onwards will be taken as usual.

If we missed your payment on 28 November, 7 December or 15 December we will make arrangements to collect these payments.

for tenants making rent payments we will contact you early in the new year to agree arrangements to collect payment for the missed Direct Debit(s)
for leaseholders paying service charge or major works contributions we will spread your missed payment(s) across your remaining payments for this financial year. We will write to you shortly with your new payment schedule

If you pay another way

You should carry on making payments if you usually pay another way. You can't pay online, but you can set up a standing order or pay using our automated payment line.

automated payment line: 020 3974 4670

Support available for Council tenants and estates: All our estate caretaking services and other estate services are working normally. Our housing offices at Worlds End, Lancaster West and the reception at Malton Road remain open.

Where to find further support and information: The latest information about the incident will be published on our newsroom. You can find up-to-date contact details on our website.

Services

Who to contact about specific services: You can find service-by-service contact details and updates online. Please be aware that we are experiencing some issues with our phone lines, so please bear with us. We are also updating a set of frequently asked questions regularly on our website.

Paying for parking: We are selling resident parking permits, arranging parking suspensions and taking payment for Pay-by-phone visitor parking as usual. We are issuing penalty charge notices in the normal way, and the early payment discount still applies.

Submitting a planning application: You can still submit a planning application but we are currently unable to start processing it so you will not receive an acknowledgement.

What this means for temporary accommodation: We are able to renew temporary accommodation.

Business rates and council tax collection: Business rates and council tax are still due and payable. Unfortunately, collection by Direct Debit is temporarily unavailable, however all other payment methods remain operational and secure. If you are new to the borough and awaiting a bill, please be aware this may take some time and we recommend setting aside funds in your bank to cover the upcoming bill.

Make a safeguarding referral: Our website has been updated with direct contact details should you be worried about a child’s safety and welfare.

Information for foster carers: The cyber-attack coincided with the weekly pay-run for our internal foster carers. We are currently working on a solution to enable payments to our foster carers to be made and all payments due will be updated and paid.

Personal budgets: Where possible, there will be no impact on personal budgets. If you are experiencing issues regarding direct payment, please contact the direct payments finance team by emailing [email protected] as we are not currently able to access clients’ direct contact details.

Ongoing court action: If we are currently in care proceedings, we hope that you are being supported by a legal advocate. We are doing all that we can to ensure that hearings go ahead and to avoid any unnecessary court delays.

Direct Debits and billing issues: If you pay business rates, service charges, rent, council tax or other invoices by Direct Debit, your payment will not be taken on the usual date. It will be taken later once our systems are back online. You should keep the funds in your account so the payment can be collected when the service resumes. We will write to you once we are able to collect payments again.

Hospital discharges and who to contact: Our adult social care teams are working alongside NHS partners to support people in this situation, but do contact us if you require help and advice.

Reporting anti-social behaviour, street issues, or waste concerns: Please email details to [email protected].

Booking an event or street closure: To notify the Council of your event, please contact our special events team by email at [email protected] or submit an application via this externally-hosted system. We can advise of any relevant permissions required and can facilitate road closures and parking suspensions for events as normal, but will need plenty of advance notice. Please contact the special events team via email to make a request and receive specific guidance.

Emergency funding: All payments for client affairs are being made. If you are expecting a payment from us in relation to housing benefits and discretionary housing payments, you may not receive it from us on time. We’re working to fix this as quickly as possible, but can't confirm a date yet.

What school staff need to know: We are working closely with headteachers on this issue.

Making land or property searches: The Council is looking to regain access to land and property data systems as soon as possible. It is likely that Land Charges will start a partial search service prior to the resuming of full searches. If you would like to be added to a mailing list for land charges updates, email [email protected] and ask to be added to the mailing list. Any change will also be on the Land Charges page.

Disabled Badges: Unfortunately, we do not currently have access to our disabled badge system following the cyber attack and therefore are unable to process applications or issue Blue or Purple Badges.

Residents with a Purple Badge which has expired from 1 October 2025, or is due to expire soon, should continue displaying their current Purple Badge. We have told parking enforcement officers not to issue penalty charge notices (parking tickets) to Purple Badge holders with recently expired badges, and this will remain in place until our systems are back up and running.

If you have any questions, email [email protected] or call 020 7361 2390.

Communication

How we will update you: The latest information about the incident will be published on our website. You can find up-to-date contact details at https://www.rbkc.gov.uk/contact-us/call-or-email-us. We will also be updating social media channels – https://www.instagram.com/kensingtonandchelseacouncil and https://www.x.com/rbkc – and providing information in print.

If we discover at any point that sensitive residents’ data has been taken we will contact those affected directly to let you know.

When residents were informed about the incident: As soon as the Council knew our systems had been compromised we let the public know. We further updated again when we learned there had been a data breach, and informed the Information Commissioner’s Office. We do not yet have the full picture of what data has been copied and whether that includes any personal details at this stage, but we are working hard on this.

Review of how the incident happened: We will as a matter of course be reviewing what happened. Right now, we are focused on tackling the issues the attack has created and getting services fully running and systems back online.

Make a complaint: If you would like to complaint about a Council Service, please send your complaint to [email protected]. Please make sure you include as much information as possible and be sure to include your name, address, contact details, what you think the Council has done wrong, how has it impacted you and what you think the Council should do to put it right. It is also helpful to know if you have you contacted the Council about this issue before and, if so, when.

Last updated: 18 December 2025

On this page