Personal data belonging to as many as 100,000 households may have been exposed following a cyber attack on one of London’s wealthiest boroughs.
The Royal Borough of Kensington and Chelsea confirmed this week that unauthorised access to its systems occurred in late November 2025, with data copied and removed with criminal intent.
Council leader Elizabeth Campbell described the breach as serious and stated the authority informed residents as soon as it became clear data had been copied and removed from their systems.
Early analysis suggests the stolen information may include personal and sensitive details, though officials cautioned that a full review could take several months due to the volume and complexity of records involved.
The council has written to all households warning that stolen data could make fraud attempts more credible. Residents have been advised to remain vigilant for unexpected emails, phone calls, or messages claiming to be from the council and requesting personal or financial details.
According to the authority, it is prioritising the review of records linked to vulnerable residents. Officials stated they will contact individuals directly if further checks reveal higher risk levels.
Some council services remain disrupted as security checks continue. The breach has also affected Westminster City Council and Hammersmith and Fulham Council, which share IT services with Kensington and Chelsea.
However, the authority noted there is no evidence so far that third-party systems used for frontline services have been accessed.
The Metropolitan Police has launched a criminal investigation into the incident, though no arrests have been made at this stage. The National Cyber Security Centre is working closely with the council on the matter.
The breach forms part of a wider pattern of cyber attacks targeting UK local authorities. Councils hold valuable data including housing, benefits, and social care records, making them attractive targets for organised cybercriminals.
Cyber security specialists have described attacks on public bodies as becoming more frequent, sophisticated, and disruptive. Budget pressures and legacy IT systems continue to challenge public sector cyber security defences despite rising investments in protective measures.
The council has pledged to provide further updates as more information becomes available from the ongoing investigation.
Feature Image byย https://www.pexels.com/photo/classic-buildings-located-on-street-7245305/
