Kensington and Chelsea Council's recovery from a significant cyber attack in November 2025 is on track
to restore all systems by Summer 2026, with 94% already back online. The council is also preparing to notify affected residents about a data breach.
During a meeting on Wednesday, 8 July 2026, the Overview & Scrutiny Committee received an update on the cyber attack recovery. Recovery efforts are progressing well, with the majority of the council's 275 systems back in operation. However, service backlogs, particularly in revenue and benefits, planning, and complaints, are being addressed with a target completion date of December 2026.
The council acknowledged that some data was copied during the attack, and a notification programme for affected residents is set to begin soon. The criminal act is under police investigation, and the council is working with the Information Commissioner's Office (ICO) to determine the extent of the data breach.
The cyber attack significantly disrupted its services and operations.
However, Housing benefit and discretionary payment processes have since been able to be returned providing critical support to residents.
Furthermore, Council tax and business rates bills were also able to be issued in May with residents and business paying over the 10-month period between June 2026 and March 2027, avoiding residents being asked to pay multiple months at one time.
The report also notes that some data was copied during the attack
and that the Council does not underestimate the scale of disruption the Cyber Attack has caused for residents.
A programme of notification to relevant residents will begin in the coming months, with support available as required. Notifications will adhere to the principle of notifying once
, with prioritization based on vulnerability starting later this year. An internal team is being established to manage this process carefully and restoratively. Additionally, national guidance from the NCSC on online safety will be shared with residents.
Councillors raised concerns about the pace of recovery and the potential long-term financial implications. The council confirmed that while direct recovery costs of £1.162 million have been funded from reserves, further expenditure will be required for ongoing recovery efforts. Further expenditure will be required in 2026/27 and beyond to continue the recovery programme and to strengthen and modernise the DD&T service and ensure the Council is fit for the future. These costs are not yet fully quantified but are expected to be significant.
It was also noted that some services have reported an indirect financial impact of the cyber incident, where loss of systems and access to data, which is still ongoing in some areas, has delayed the delivery of savings and impacted the Council's ability to provide income generating services.
To prevent similar attacks in the future, the council is implementing a programme of modernisation of its systems, including embracing digital revolution and AI. This involves strengthening cyber resilience, improving data and information governance, simplifying applications, building a coherent digital ecosystem, supporting service redesign around residents, improving workforce capability, and ensuring technology investment delivers value for money. A new Security Operations Centre providing 24-7 security cover has been fully implemented, and the council is following a broader set of recommendations received from NCC during the attestation process. The proposed Digital, Data and Information and Communications Technology (ICT) 2020–2030 Strategy
aims to address these issues.
More information can be found in the Public reports pack for the Overview & Scrutiny Committee meeting on 8 July 2026. Public reports pack 08th-Jul-2026 18.30 Overview Scrutiny Committee
