Hacked London council warns 100,000 households at risk of follow-up scams
Kensington and Chelsea Council has written to more than 100,000 households in the aftermath of an attack late last year
A London council has written to hundreds of thousands of residents to warn them that criminals may use details leaked via a cyber attack last year to target them for scams.
At the end of November, Kensington and Chelsea was one of a trio of west London councils that suffered an outage that was quickly attributed to a cyber attack.
A week later, the council confirmed that personal data was likely leaked, though it stressed it was only "historical data".
Now, a spokesperson for the council has said the attackers had "criminal intent", with the council's website adding that sensitive data and personal information that could impact residents had been accessed by the attackers.
Council leader Elizabeth Campbell said the "serious" breach required action from the council, with an update in the middle of December saying 100,000 households had already been contacted with warnings following the attack.
A spokesperson told ITPro the letters were sent out at the beginning of December, and the message references the attack of "two weeks ago".
"We decided to go out immediately and say to people this is what's happened, this data has been copied and it has been taken and you should be aware therefore you are at risk," she told the BBC.
Written warning
In a copy of the letter shared with ITPro by the council, recipients are advised to be wary of scam messages, check online accounts for unusual activity, and report any suspicious activity to the National Cyber Security Centre (NCSC).
"Like any local authority, it was always possible that our systems could come under attack and therefore we had invested significantly in our digital, data and technology services over many years," Campbell said in the letter.
"This meant that we had a cyber defence system that was able to spot this attack quickly and protect much of our infrastructure, and the infrastructure of others, as best as possible."
Campbell added: "Despite this, we do believe that some data has been copied and taken. It is important to say we still have access to this information, but it is possible a copy could end up in the public domain. As a priority we are checking if this contains any personal or financial details of residents, customers, and service users. This may take months and we will update residents at every step."
The council is now "going through all the documentation" to spot any specific risks and will contact individuals directly if affected, though it noted that work may take months.
Similarly, the local authority said it was checking which details in files may have been accessed, admitting that work may yield nothing, but said "we want to make sure we turn over every stone."
What happened
The attack began on the morning of 24 November, and was immediately spotted by staff at Kensington and Chelsea, who took steps to isolate systems.
A week later, that council admitted some data had been accessed, including sensitive information; however, it stressed the data wasn't encrypted by the attackers, as would happen in a ransomware attack, and therefore remained accessible to the council.
Hammersmith and Fulham Council and Westminster City Council were the other two local authorities hit by the outage, as the three organizations share some systems.
Hammersmith has said that, so far, it appears its systems were not compromised, while Westminster earlier this month confirmed that "limited data" had been breached.
Keven Knight, CEO of Talion, told ITPro last year that councils are a prime target for cyber criminals, largely due to the scope of personal and financial information they hold on residents.
"This is the type of information that can’t be changed easily. This means it's now in the hands of a threat actor, and victims will be exposed to an increased risk of phishing," he said.
The Information Commissioner's Office (ICO) has been informed of the incident, and the Metropolitan Police and NCSC are investigating. So far, there's no indication who is behind the attack.
"The Met is leading an investigation and we are working alongside them with the national cyber security centre and the NCC Group," a spokesperson for Kensington and Chelsea council said.
"We are taking steps to work through the data in accordance with ICO and legal rules."
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.
