London councils endure wave of cyber attacks, shared IT services hit

Precautionary measures

The two councils share IT services with Hammersmith and Fulham. It has said: “We are continuing to take precautionary measures to review, isolate and protect our networks. We‘re working to fix the problem as quickly as possible, and we apologise for the inconvenience.”

Cyber security experts from the IT industry have contacted Computer Weekly with comment. Jon Abbott, co-founder and CEO of cyber security management supplier ThreatAware, said: “Local councils manage critical functions and store a plethora of personal data, from tax records to personal identifiers, making them attractive targets for cyber criminals. This is why having the security fundamentals in place is so important.

“These data points are highly sensitive, increasing the potential for significant consequences if breached,” he said. “Cyber attacks on such entities do not just lead to data loss but can erode public trust.

“Many councils operate under tight budget constraints, limiting their ability to invest in the latest cyber security technologies or even maintain adequate staffing for their IT security teams.”

Megha Kumar, chief product officer at cyber security advisory firm CyXcel, pointed to a likely point of attack.

“Early indications suggest the point of entry was through shared IT infrastructure used by the tri-borough arrangement,” she said. “Experts believe attackers exploited stolen credentials or similar methods to move laterally across interconnected systems, a common risk when multiple organisations share a core platform.

“This incident shows that cost-saving shared services can create single points of failure,” added Kumar. “This incident once again highlights that hackers are targeting the weakest link in an organisation’s cyber security, and that is increasingly their supply chain.”

Spencer Starkey, executive vice-president at SonicWall EMEA, said: “Cyber attacks in 2026 will increasingly try to erode public confidence in digital public services by targeting UK government bodies. Local authorities, with outdated systems and where IT teams are already stretched by budget pressures, face sustained attacks designed to disrupt essential citizen services. These attacks will have second-order consequences, slowing service delivery for millions of people and creating long-term administrative backlogs outlasting the breach itself.”

Raghu Nandakumara, vice-president of Industry Strategy at “zero trust” platform provider Illumio, said: “Local councils store a vast amount of personal data, which can be used in the longer term to conduct further attacks, making them an attractive target for cyber criminals. In this case, if residents’ data is found to have been compromised, it may be used for phishing attacks and scams, such as fraudulent fuel payment schemes, especially as we head into winter.

“While the decision to shut down networks was a precautionary measure to mitigate the impact, these sorts of actions are possible without cutting off vital services that thousands depend on. We need to reach a point where both public and private sector organisations can contain and survive cyber attacks with minimal disruption to operations.”

And Rob Demain, CEO at managed threat detection services provider e2e-assure, said: “With three London councils affected at the same time, the most plausible explanation is a shared service provider being compromised rather than each council being individually targeted. When outages strike multiple organisations simultaneously, it often points to an MSP or other common supplier as the root cause.”

The London councils are just the latest local government target zone for cyber attackers. Earlier this year, Oxford City Council disclosed election workers from 2001 to 2022 had personal information accessed by hackers.