Royal Borough of Kensington and Chelsea Reveals Data Breach

The Royal Borough of Kensington and Chelsea (RBKC) has told residents that their data may have been compromised in a cyber-attack on an IT service provider discovered last week.

The council, London’s smallest but most densely populated, revealed the news in an update on Friday.

“After discovering unusual activity first thing Monday morning, we have been taking all necessary steps to shut down and isolate systems and make them as safe as possible,” it said.

“We have now obtained evidence on our systems that shows some data has been copied and then taken away. At this moment in time, we believe the breach only impacts historical data.”

The council warned that this data could end up in the public domain.

“As a priority we are checking if this contains any personal or financial details of residents, customers, and service users – but this will take some time,” it added.

RBKC urged residents, customers and service users to be on high alert for potential social engineering attacks that may use stolen data in an attempt to elicit more sensitive information like card numbers.

Phishing attacks like these could take place via email, text or phone calls, the council warned.

“From an attacker perspective, each individual they have stolen data on has the council breach in common, so they will try to use this as their first point of exploitation,” explained Talion CEO, Keven Knight.

“This could be malicious communications around the breach, where they try to encourage victims to disclose more sensitive information or ask them to click on links or open attachments. As a result, all correspondence around the incident must be treated with caution. For genuine updates, visit council websites directly.”

Disruption to Last Weeks 

RBKC also revealed that, although it is currently bringing services back online, residents could expect at least two more weeks of disruption.

“We will do our very best to answer any urgent enquiries and have some phone lines up and running. Please understand our staff may not have all the answers at this point in time,” it said. “We are unable to access many of our systems, so will do our best to answer your enquiry if you do have an emergency.”

The same attack is said to have impacted Westminster City Council and potentially Hammersmith and Fulham local authority, both of which share IT services with RBKC.

“We are working closely with them both to investigate the full nature of the data breach that has been identified by the Royal Borough of Kensington and Chelsea on Friday 28 November, with whom we share some services, in order to assess what impact this may have on Westminster,” said Westminster City Council.

The local authority warned that the disruption would last for “several weeks,” although it said most services were still running.

Hammersmith and Fulham (H&F) council said in updates over the weekend that it had taken steps to “isolate and safeguard” its networks, and that some systems remain unavailable while it reviews and restores them.

“Due to a cybersecurity incident in a neighbouring borough, we are continuing to undertake a series of enhanced security measures and carefully investigate the impacts on all our systems and services,” it added in a Sunday update. “Currently, there is no evidence of H&F systems being compromised.”