A major cyber attack has forced a West London council to disconnect its office internet and instruct employees to work from home, causing significant disruption to its services.
Council Systems Forced Offline
Kensington and Chelsea Council has taken the drastic step of cutting off internet access in its offices as a precautionary measure following a devastating cyber attack. An internal memo, seen by the Local Democracy Reporting Service, reveals that parts of the council's networks will remain closed for the foreseeable future.
The council is not predicting a full restoration of all affected systems for some days. This includes access to the internet via work devices and crucial systems like the K&C Oracle software. Despite the shutdown, staff can still access Microsoft Teams, Outlook, and use guest Wi-Fi or mobile hotspots in the office.
Emergency Measures and Service Disruption
Managers have been issued with contingency arrangements for managing HR and finance processes during the outage. The council's public website is also undergoing planned maintenance as a result of the incident and may experience periods of unavailability, though officers are working to restore services online.
Staff are being urged to follow business continuity arrangements and speak with their managers about suitable work arrangements, which prominently includes working from home. The memo also advised employees to remain vigilant and report any unusual or suspicious online activity immediately.
Wider Impact and Security Context
The attack, identified by Kensington and Chelsea Council and Westminster City Council on the morning of Monday, November 24, also impacted Hammersmith and Fulham Council. All three councils have now confirmed they were affected. GCHQ's cyber security centre is assessing the full extent of the attack.
This security breach occurred less than a week after staff and councillors were offered cyber security training. An interactive, in-person tabletop exercise took place on November 12, forming part of the council's ongoing programme to bolster its cyber resilience.
A spokesperson for Kensington and Chelsea confirmed that a number of council systems were impacted and that IT teams are working to fix them and protect data. The council has informed the Information Commissioner’s Office and is investigating to see if any data has been compromised, which it stated is standard practice.
The incident highlights ongoing challenges, as an October council report found the authority faced issues with organisational culture regarding cyber security, noting some departments did not fully understand the importance of cyber resilience. The council spends over £12 million annually on IT and security systems.
