Three of London’s most high-profile councils were thrown into disruption last week after a cyberattack struck their shared IT systems, knocking critical services offline and forcing an urgent response from national security agencies.

The incident began on Monday, 25 November 2025, when Kensington & Chelsea, Westminster and Hammersmith & Fulham detected suspicious activity across their joint infrastructure, with thousands of residents unable to access everyday essentials such as council-tax payments, housing support and parking services.
By Tuesday morning, the situation had escalated. All three councils shut down wide portions of their digital infrastructure in an effort to contain the intrusion. The National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) stepped in to coordinate the investigation, while staff issued public warnings about possible delays and temporary service blackouts.
On 28 November the councils confirmed that historical data may have been copied during the breach. While they stressed there was still no evidence that personal or financial information had leaked publicly, they notified the Information Commissioner’s Office (ICO) and advised residents to stay alert to potential fraud.
How the Attack Spread So Quickly?
Cybersecurity analysts studying early forensic clues say the attack carries hallmarks of lateral movement, a technique where intruders gain access to a single entry point, then move sideways through connected systems.
Because the three councils rely heavily on shared IT architecture, attackers likely found it easier to spread across linked networks once inside. A public-sector security consultant summed it up bluntly:
“When you attack councils, you hit services people depend on every day. It doesn’t take much to turn an IT breach into a civic crisis.”
Across the UK, other councils immediately began internal reviews, issuing memos urging teams to tighten credentials, check access logs and patch older systems, a sign that the sector suspects this may not be an isolated incident.
Could It Have Been Prevented?
While the investigation is ongoing, the attack highlights long-standing issues inside local authority infrastructure: legacy systems, limited budgets and shared services that mix convenience with vulnerability.
Early analysis suggests several measures could have limited the impact:
- Network segregation to prevent one breached system from dragging down three councils at once.
- Zero-trust access controls and mandatory MFA for all administrative accounts.
- Regular patching and audits to close known vulnerabilities before attackers exploit them.
- Tested backups and recovery plans to restore services quickly during crises.
- Staff training, since compromised credentials remain one of the most common entry points.
These aren’t new ideas. They’re repeated recommendations often delayed due to budget constraints or operational pressure. This attack shows the cost of postponing basic security work can spill directly into public life.

What Happens Next?
Councils say services will return in phases, with priority given to housing, social care, and public safety systems. Meanwhile, other public bodies across the UK are treating this as a wake-up call: shared IT systems bring efficiency, but they also create a single point of failure.
More updates are expected as the investigation progresses, and the NCSC may issue new guidance for local authorities in the coming weeks.
What It Means for Businesses Outside Government
Big public-sector breaches always look distant until you connect the pattern: attackers rarely care who gets hit, only where they can move freely once inside. Shared systems, weak segmentation, and old infrastructure are exactly where small and mid-sized businesses often struggle too.
If your company relies on multiple websites, shared hosting, connected apps, old servers still running critical tasks, and third-party integrations, you’re closer to this problem than you think.
The lesson is, don’t let old systems live forever without visibility. Business owners don’t need a full security rebuild; just awareness of where trust, access, and legacy technology intersect.
SSL Dragon’s Take
For many of our customers, this kind of attack feels far away until a provider outage, a server compromise, or an integration failure forces everything into view at once. While councils deal with large-scale networks, the underlying issue is universal: attackers seek the easiest path that gives them the most movement.
Strong certificates, clean access control, website monitoring, and reliable backups don’t stop every breach, but they ensure that one weak point doesn’t turn into a multi-system failure. Tools like CodeGuard, SiteLock, and robust certificate management don’t replace IT infrastructure, but they do give businesses early warnings, controlled isolation, and a way back if something goes wrong.
Breaches aren’t always preventable. But containing them and recovering fast is where smaller businesses can protect themselves the most.
Source: TechCrunch
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10






