Cyber attack forces council staff out of offices

The Royal Borough of Kensington and Chelsea (RBKC) in west London has advised staff to work away from council offices following a cyber attack.

It is understood that the same incident, which is being investigated by the National Crime Agency and GCHQ's Cyber Security Centre, has also affected Westminster City Council and Hammersmith and Fulham Council as part of "joint arrangements".

RBKC said it had now "established the cause of the cyber incident" and had "activated emergency plans" to maintain critical services.

Cyber security expert Nathan Webb told the BBC that there was a "possibility personal data may have been compromised" and urged residents in the boroughs to be cautious.

He added: "Attackers will frequently use publicity around attacks to further target victims, so any correspondence around the incident should be treated with caution."

RBKC said in a statement it had informed the Information Commissioner's Office.

An internal RBKC memo, seen by the Local Democracy Reporting Service (LDRS), shows the council is keeping parts of its networks closed as a "precautionary measure".

The note says staff can continue to access the guest wi-fi and mobile hotspots in its offices but the authority is not predicting a full return of all affected systems "for some days".

It also urges staff to "remain vigilant".

Mr Webb, principal consultant at Acumen Cyber, told the BBC it was "essential" that the organisation behind the affected systems was identified so "its other customers can take action to protect their systems".

The online security expert said it was "positive" that the councils had initiated emergency response plans, but said: "Until we know more about the scale of the incident, and what systems and have been impacted, we won't know how long it will take to mitigate, or which, if any, council services are affected."

A spokesperson for the RBKC told the BBC: "Our IT teams have worked through the night this week and have now established the cause of a cyber incident which was identified on Monday."

They added: "We will not be giving out further details of the incident at this stage because the investigation is continuing."

The council said some of its systems, including phone lines, continue to be disrupted by the attack, but said it had placed alternative contact numbers on its website, external.

The spokesperson added: "Our website is undergoing planned maintenance relating to ongoing management of the incident, so some pages may be in and out across the day and residents may not be able to use our online forms. We are working hard to bring services back online."

RBKC told the LDRS that it took cyber security "seriously" and spent more than £12m annually on IT and security systems.

Rik Ferguson, from cyber security company Forescout, said the attack highlighted how "organisations are seldom 'in control' of their cyber risk".

He explained that companies were "sharing" the risk with others they are connected with digitally.

"These kinds of attacks have the potential to exploit the financial and functional interdependence between organisations, turning a breach at one into an industry (or in this case local authority)-wide crisis," he added.

BBC Specialist Hub cyber correspondent Joe Tidy said although it is not known what kind of cyber attack the council faced, the action taken hints "at a very serious response usually reserved for major incidents".

"The council has clearly taken the difficult decision to disconnect servers or services from the internet to prevent hackers getting inside the system or reduce further access," he said.

"We saw a similar approach taken by the supermarket chain The Co-op in the spring.

"Although an extreme and blunt move, it is often wise to sever the connection of hackers to systems.

"But, as we saw with the Co-op, by the time the hackers were disconnected, they had already been in for a while and stolen the private data of 6.5m people."

Additional reporting by Adrian Zorzut, Local Democracy Reporting Service.

Listen to the best of BBC Radio London on Sounds and follow BBC London on Facebook, external, X, external and Instagram, external. Send your story ideas to hello.bbclondon@bbc.co.uk, external