Cyber Attack in London and the Real Estate Market: Thousands of Deals at Risk

System failures have paralyzed mandatory checks for homebuyers

Photo: Bloomberg

A cyber attack in two of London’s wealthiest boroughs — Westminster and the Royal Borough of Kensington and Chelsea — has caused major disruptions to municipal services and effectively halted part of the residential real estate market, reports Bloomberg. Since November, local authorities have been unable to carry out mandatory property checks, without which mortgage-based home purchases cannot proceed.

Municipal services taken offline

The cyber attack, which authorities describe as “sophisticated and criminal”, affected the IT infrastructure of two local councils — Westminster City Council and the Royal Borough of Kensington and Chelsea. Following the breach, emergency protocols were activated and key digital systems were shut down. As a result, the councils are unable to process so-called local authority searches — official inquiries that provide information on a property’s legal status, flood risks, development plans and other legally significant parameters.

Nick Gregori, head of research at LonRes, explained that buyers using mortgages cannot complete transactions without the results of these municipal searches, as banks will not approve loans without them. Cash buyers can technically proceed without the checks, but in practice they almost always request them to avoid legal risks and hidden issues related to the property. As a result, delays in processing searches are directly blocking a significant number of transactions and postponing the completion of already agreed deals.

How many real estate deals are at risk

According to LonRes, between 2021 and 2024 an average of around 350 home sales per month were registered in Westminster and Kensington and Chelsea. The prolonged suspension of municipal searches is therefore affecting a substantial share of the current turnover of the real estate market in these boroughs.

Researchers also point to the fiscal importance of these areas. In the 2024–2025 financial year, stamp duty revenues from residential property transactions in Kensington and Chelsea alone totaled around £530 million.

Impact on the market amid a broader slowdown

The problems have emerged at a time when London’s luxury real estate market is already under pressure. Higher stamp duty rates and the introduction of the so-called mansion tax on properties valued above £2 million have reduced buyer activity. According to Savills, the number of transactions involving homes priced above £5 million in the first three quarters of 2025 fell by 18% year-on-year and may reach the lowest level since 2020.

Real estate agents note that even after systems are restored, the accumulated backlog of unprocessed searches will continue to weigh on the market for several months. According to The Buying Solution, the delays will affect not only private buyers but also investment transactions, including deals involving developers and funds.

Authorities’ response and recovery efforts

Elizabeth Campbell, leader of Kensington and Chelsea Council, said authorities understand residents’ frustration and are working to address the consequences of the attack. According to her, systems are being brought back online “very cautiously” with the involvement of specialists from NCC Group, the Metropolitan Police and the UK’s National Cyber Security Centre.

Westminster officials confirmed that restoration work is being carried out around the clock, with the main priority being the safe relaunch of infrastructure. Both councils stressed that rushing the process could lead to new vulnerabilities. Neither municipality has yet provided a specific timeline for the full restoration of services.

Artificial intelligence as a new cyber weapon

The rise in cyber attacks is linked not only to the expansion of digital infrastructure but also to the growing use of artificial intelligence in hackers’ toolkits. According to Bloomberg, AI is becoming a key factor that lowers the entry barrier to cybercrime and accelerates the execution of complex operations.

Hackers from China and Europe

In November, Anthropic reported that a suspected Chinese hacking group had used the Claude language model to coordinate attacks on around 30 targets worldwide. In some cases, the operations were carried out with minimal human involvement, marking the first documented example of a large-scale cyber attack managed by artificial intelligence.

A significant share of cyber attacks is linked to the ransomware as a service model — a service-based scheme for distributing extortion malware. Developers lease malicious code to other groups in exchange for a share of the ransom. Such networks are most often based in Eastern Europe and operate as stable criminal businesses. One of the most prominent groups is Scattered Spider, whose members used social engineering tactics, impersonating company employees and gaining access to internal systems via help desks. According to the US Department of Justice, the group is responsible for at least 120 attacks worldwide, with total ransom payments of around $115 million.

State-sponsored cyber operations

In addition to criminal groups, state actors are also active in cyberspace. The US considers Russia and China the most powerful state sponsors of cyber operations targeting economic data, military technologies and personal information. China in particular is accused of building a large-scale hacker force capable of conducting global operations. At the same time, governments regularly deny such allegations and claim they themselves are victims of cyber attacks by their adversaries.

Impact of cyber threats on the economy and the real estate market

Modern AI systems can automatically analyze vulnerabilities, generate malicious code and process large volumes of stolen data faster than teams of professional hackers. This makes attacks not only more widespread but also less costly in terms of time and resources. At the same time, investment in protection continues to grow: in 2025, around $213 billion was spent globally on cybersecurity, 10% more than the previous year. However, even these levels of spending have not yet led to a decline in overall threat levels.

The situation in London fits into a broader trend of rising cybercrime. In 2025, major retailers Marks & Spencer and Co-op were hit by attacks, while Jaguar Land Rover was forced to halt production for more than a month following a breach of its IT systems. According to estimates by the UK government, the total economic damage from cyber attacks amounts to £14.7 billion per year, equivalent to around 0.5% of GDP.

Analysts at International Investment note that the incident involving London’s municipalities has become one of the clearest examples of how digital risks can directly affect the real estate market and public revenues. Such threats should be considered alongside macroeconomic factors, tax policy and regulatory changes, as they are increasingly becoming a systemic part of the investment environment.