Several London councils have experienced a cyber incident which has impacted multiple systems.

On Tuesday, the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC), which share a number of IT systems and services, announced that several systems were impacted by the attack, including phone-lines.

The two boroughs also share some IT services with the London Borough of Hammersmith and Fulham.

While Hackney Council has not been directly impacted, it has raised its cybersecurity threat level to "critical" amidst the reports.

RBKC and WCC said that at this stage it is "too early" to say who was responsible for the attack or why it was carried out.

The councils are investigating the incident to see if any data has been compromised.

“We don’t have all the answers yet, as the management of this incident is still ongoing,” they wrote in a joint statement. “But we know people will have concerns, so we will be updating residents and partners further over the coming days.”

Since the incident was "quickly" identified on Monday morning, the councils said that they have been working with specialist cyber incident experts and the National Cyber Security Centre (NCSC) to protect systems and data, restore systems, and maintain critical services.

Commenting on the news, Dray Agha, senior director of security operations at cyber company Huntress, said: "This coordinated incident highlights a critical vulnerability in modern public services: the double-edged sword of shared IT infrastructure. While such systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents. It underscores an urgent need to move beyond simple cost-saving IT models and invest in resilient, segmented networks that can contain such threats and protect vital public services."

Dai Vaughan, chief technology officer of consultancy Public Digital said that organisations need to shift from a prevention-only mindset to one built on "ongoing preparedness and resilience as a commitment."

“Alongside protecting systems, there is a critical need to modernise ageing technology," he continued. “Technology and approaches common in the 2000s or 2010s simply can’t keep pace with the rapidly evolving AI capabilities and cyber-criminals operating at industrial scale now.

“With the right approach, digital transformation and cyber resilience strengthen each other, helping organisations and critical services prepare for the challenges and opportunities of the AI age."

---