Legal Aid database hacked, ‘significant amount’ of data and criminal records stolen

• ‘Significant amount’ of data stolen from Legal Aid Agency
• Up to 2.1 million records accessed, hacking group says
• Legal Aid online systems taken offline

The UK’s Ministry of Justice (MoJ) has revealed that a cyberattack on the Legal Aid system has led to the theft of a “significant amount” of data, including criminal records.

The MoJ was alerted to the attack on April 23 when data dating back as far as 2010 was accessed by the attackers.

Earlier this month, the MoJ said it was investigating a “security incident” and that payment information had potentially been accessed. The group responsible for the attack said they accessed 2.1 million pieces of data, but the MoJ has not confirmed this number.

‘Significant amount’ of data stolen

The MoJ said that the data accessed by the attackers “may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.”

Legal Aid Agency chief executive Jane Harbottle issued an apology for the breach, adding that the breach “will be shocking and upsetting for people”. The MoJ is working with the UK’s National Crime Agency and the National Cyber Security Centre to secure systems, and the Information Commissioner has been notified.

The Legal Aid Agency is responsible for providing legal aid funding to over 2,000 providers. The amount administered in 2023/24 amounted to around £2.3 billion. The Agency’s online digital services have been taken offline as a result of the attack.

The MoJ has recommended that anyone who has applied for legal aid since 2010 to take steps to protect themselves, including increased vigilance against unknown phone calls and text messages, as well as updating or replacing weak or reused passwords.

“If you are in doubt about anyone you are communicating with online or over the phone you should verify their identity independently before providing any information to them,” the ministry said.

Outside of personal data, it is likely that information relating to the barristers, solicitors, and other organizations, including not-for-profit organizations, was accessed by the hackers during the attack.

“The recent cyber attack on the Legal Aid Agency is yet another example of the real-world impact from digital vulnerabilities. When criminal records and other sensitive personal data are exposed, it is not just a matter of IT failure, it’s a breach of trust, privacy and even safety in this case. Many of the individuals affected may already be in vulnerable situations and could now face the added stress of not knowing where their data will end up or how it might be used,” said Jake Moore, Global Cybersecurity Advisor, ESET.

“It highlights just how critical it is for public bodies and government agencies to invest in stronger cyber defences, quicker update times and better training as well as being transparent immediately when things go wrong. Delays in notifying victims or vague reassurances can often worsen the damage whether it’s a government agency or private company.”

Via BBC

You might also like

• Customer data stolen in M&S cyberattack
• Protect yourself with the best password managers
• Protect your family from online threats with the best parental control apps