Staff at a major Central London council have been warned to exercise extreme caution when using Microsoft Teams, following a sophisticated cyber attack that targeted individuals through the platform.
Councils Issue Urgent Security Warning
Westminster City Council has issued an internal memo to all employees, seen by the Local Democracy Reporting Service (LDRS), urging heightened vigilance. The directive instructs staff to avoid accepting calls from unknown contacts or joining any unexpected meetings on the Microsoft collaboration tool.
The warning forms part of the ongoing response to a significant cyber security incident that struck in November 2025, affecting three London boroughs. Westminster City Council, the Royal Borough of Kensington and Chelsea, and Hammersmith and Fulham Council were all impacted, with the issue understood to have originated within the shared IT services used by Kensington and Chelsea.
Data Copied and Financial Systems Disrupted
The internal communication confirmed that during the breach, some council data was copied and taken by the hackers. Furthermore, the attack has caused major disruption to the councils' operational capabilities.
A critical consequence has been the inability to access finance systems, forcing Westminster City Council to delay payments to its suppliers. The council has asked vendors for patience while specialists work to resolve the technical issues, though no precise timeline for full restoration has been provided.
In a statement, a spokesperson for Westminster City Council said: "As per Westminster Council's cybersecurity standards, staff are advised to remain vigilant when using digital communication platforms. We are actively informing and supporting staff with guidance and resources to help them stay cyber secure."
Ongoing Investigation and Cross-Council Impact
Kensington and Chelsea Council revealed days after the initial attack that it was investigating a data breach involving historical information. Council Leader, Cllr Elizabeth Campbell, stated she requested officers to inform the public at the earliest opportunity upon learning of the potential breach.
On Wednesday 17 December, Westminster City Council disclosed that potentially sensitive personal information was likely compromised. The authority emphasised that an investigation into the full extent is underway, confirming the data was not deleted and there is currently no indication it has been published online.
Hammersmith and Fulham Council, while affected by the shared service disruption, notes on its website that it is implementing enhanced security measures and investigating impacts. It states there is currently no evidence its own systems were directly compromised.
All three councils are working with the National Cyber Security Centre (NCSC) and cyber security partners to restore services securely. Microsoft has been approached for comment regarding the exploitation of its Teams platform.
