Hundreds of thousands of Brits could have had their data breached after government officials confirmed hackers have accessed Legal Aid’s online system. The Ministry of Justice (MoJ) said the agency – which provides financial support to help cover the costs of legal advice and representation for those who cannot afford it – had seen its […]
Hundreds of thousands of Brits could have had their data breached after government officials confirmed hackers have accessed Legal Aid’s online system.
The Ministry of Justice (MoJ) said the agency – which provides financial support to help cover the costs of legal advice and representation for those who cannot afford it – had seen its services hacked in April, with data dating back to 2010 downloaded in the attack.
According to the BBC, more than two million pieces of information were stolen, which could have included “addresses of Legal Aid applicants, dates of birth, national ID numbers, criminal history, and financial data” the MoD said in a statement.
It is being reported that authorities do not believe that the hack is the work of a state actor, and that it appears to be the work of a criminal gang.
The MoJ said it became aware of the attack on LAA’s online digital services on 23 April but initially believed the attack impacts only partner data, not applicants. However, an investigation revealed that the breach had been much wider than initially anticipated.
The MoJ said: “We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.
“We would urge all members of the public who have applied for legal aid in this period to take steps to safeguard themselves. We would recommend you are alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords.
“If you are in doubt about anyone you are communicating with online or over the phone, you should verify their identity independently before providing any information to them.”
LAA chief executive Jane Harbottle apologised for the breach and confirmed that, in a damage limitation move, it has temporarily taken its services offline.
She said: “Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.”
The agency is the latest victim in a series of recent cyber-attacks that have caused mass disruption. Retailers including Marks and Spencer, Harrods and the Co-operative Group have all been attacked in the past month, causing chaos.
Former US intelligence official Cody Barrow says there is a concerning pattern emerging of major attacks in the UK which raises urgent questions about the resilience of the country’s cyber defences.
Barrow, who is now CEO of EclecticIQ, explained: “Reports of the UK’s most recent cyberattack at the Legal Aid Agency accentuate a deeply troubling escalation in the scale of cyber threats.
“Unlike previous attacks that focused on retail sectors and customer data, this attack has compromised some of the most sensitive categories of personal information, including criminal records, national insurance numbers, and financial details, with data going as far back as 2010.
“This reminds us that cybercriminal tactics are not only in high-volume consumer data but also target public sector systems housing critical legal and personal records.
“While the Ministry of Justice has yet to verify the reported 2.1 million records accessed, the potential fallout is severe. Identity theft, fraudulent legal activity, and the manipulation of criminal records are all real risks facing those affected.
“What’s even more concerning is the broader pattern this incident reflects. Cyberattacks across the UK continue to rise, indicating systemic weaknesses in national cyber defences. Breaches will happen, but preventable weaknesses like unpatched systems and poor segmentation make the impact far worse than necessary.”
