Cyber attack hits UK Legal Aid Agency; significant amount of data stolen
A cyber attack on the UK’s Legal Aid Agency has resulted in the unauthorized access and download of a "significant amount of personal data," including sensitive information such as criminal records, according to the Ministry of Justice (MoJ).
The group that carried out the cyber attack says it accessed 2.1 million pieces of data, but the MoJ has not verified that figure, it is understood, News.Az reports, citing Sky News.
The government became aware of the incident on 23 April, but realised on Friday it was more extensive than first thought.
An MoJ source put the breach down to the "neglect and mismanagement" of the previous government, saying vulnerabilities in the Legal Aid Agency systems have been known for many years.
The Legal Aid Agency (LAA), is an executive agency, sponsored by the MoJ, which is responsible for administering legal aid funding - around £2.3bn in 2023/24.
The data accessed affected those who applied for legal aid in the last 15 years, and may include contact details and addresses of legal aid applicants, their dates of birth, national insurance numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
The MoJ has urged anyone who applied for legal aid since 2010 to update any passwords that could have been exposed, and be alert to unknown messages and phone calls.
The organisation's digital services, which are used by legal aid providers to log their work and get paid, have been taken offline.
Legal Aid Agency chief executive Jane Harbottle has apologised for the breach and acknowledged the news would be "shocking and upsetting".
"Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency," she said.
"However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we've taken the decision to take the online service down," she said.
Ms Harbottle said contingency plans are in place for those who need legal support and advice.
The Law Society, an organisation representing solicitors across the UK, blamed the attack on Legal Aid's "antiquated IT system".
"The incident once again demonstrates the need for sustained investment to bring the LAA's antiquated IT system up to date and ensure the public have continued trust in the justice system," said a Law Society spokesperson.
The Ministry of Justice (MoJ) said it is working with the National Crime Agency and National Cyber Security Centre to investigate the data breach.
The National Crime Agency said it was aware of the incident and was working closely with the MoJ to "better understand the incident and support the department".
It comes after retailers Co-op, Harrods and Marks & Spencer were hit by cyber attacks, although there is no suggestion that they are connected to the incident at the LAA.
News.Az
