London’s Digital Siege: Payments Resume as Councils Battle Massive Data Theft

London’s municipal authorities are incrementally transitioning back to conventional operations following a catastrophic cyberattack that paralyzed digital infrastructure across several of the capital’s boroughs for months. The Council of Hammersmith and Fulham has announced the restoration of online and telephonic payment portals, signaling a return to normalcy for financial processing systems.

According to district administration reports, residents may once again settle service fees via the web or telephone, though municipal tax balances and housing rent records may exhibit temporary inaccuracies. Service providers have been encouraged to resume invoicing as the payment infrastructure is now functional, albeit encumbered by a substantial backlog. While the majority of civic services have been reinstated, a subset remains inaccessible, and telephonic wait times persist above traditional averages.

The Hammersmith and Fulham authorities clarified that the breach originated in November 2025 within a neighboring municipality, subsequently infiltrating shared legacy IT architectures. They contend that the hazards were swiftly identified, the network was effectively isolated, and no evidence of direct compromise within their own systems was unearthed. As a prophylactic measure, several public-facing services were suspended to facilitate rigorous security audits and an evaluation of archival data integrity.

According to the Local Government and Social Care Ombudsman, the offensive also severely impacted Westminster and the Royal Borough of Kensington and Chelsea, where the repercussions proved most acute. In Westminster, the resumption of direct debit mandates is not anticipated until late January; consequently, missed payments will be redistributed across the remaining fiscal year, resulting in significantly higher bills for residents. Furthermore, the issuance of vital records—such as birth, death, and marriage certificates—remains suspended, alongside school enrollment applications and library card services.

In Kensington and Chelsea, officials have formally categorized the incident as a criminal endeavor accompanied by a significant data breach. A portion of payment processing remains stagnant, with the local revenue service lacking access to its primary databases and email systems. The administration warns that full infrastructural recovery may take several months. Highlighting the pervasive nature of this threat, the municipality revealed that over 113,000 phishing attempts were thwarted between June and September 2025 alone, emphasizing that British councils are besieged by cyber-adversaries on an almost daily basis.