A major cyber-attack has compromised the personal data of hundreds of thousands of legal aid applicants across England and Wales, with records dating back as far as 2010.
The exposed information includes sensitive details such as criminal history, national insurance numbers, contact information, and financial records, raising serious concerns about data security in the justice system.
The Ministry of Justice (MoJ) confirmed that hackers infiltrated the Legal Aid Agency’s (LAA) digital platform, downloading what is believed to be a “significant” amount of data.
The breach reportedly involves personal information from individuals who applied for legal aid over the past 14 years.
Although cybercriminals claim to have accessed over 2.1 million data entries, this figure remains unverified. Authorities currently believe the attack was carried out by an organised criminal group rather than a hostile state actor.
Officials Slam Previous Government Over “Neglect”
A Whitehall source has attributed the breach to years of “neglect and mismanagement” under the previous administration, alleging that longstanding vulnerabilities in the LAA’s IT systems were ignored.
“This breach was avoidable. The previous government was fully aware of the system’s flaws but failed to act. It’s a stark example of how the justice system has been left to deteriorate,” the source stated.
LAA Systems Taken Offline Amid Emergency Response
Initially, the MoJ believed only legal aid providers had been affected. However, it was later confirmed that applicants’ data had also been compromised. The LAA’s digital services, used by law firms to log casework and claim payments, have now been shut down as a precautionary measure.
Legal aid providers will temporarily rely on alternative communication channels to process payments, while officials work on developing a secure replacement system in the coming weeks.
The MoJ has urged anyone who applied for legal aid since 2010 to remain vigilant for suspicious activity, including unfamiliar messages or calls, and to update any potentially compromised passwords.
“If in doubt, verify the identity of anyone contacting you before sharing personal details,” the ministry advised.
National Cyber Security Centre and NCA Investigating
The National Crime Agency and the National Cyber Security Centre are actively investigating the incident. The Information Commissioner’s Office has also been notified.
In a public apology, LAA chief executive Jane Harbottle said: “I recognise how distressing this will be and deeply regret the impact on those affected. We have taken decisive action to protect our systems and the people who rely on them.”
She assured that contingency measures are in place to maintain access to legal support during the outage.
Warning Signs Ignored for Years
The breach comes after repeated warnings. In 2023, the Law Society described the LAA’s digital infrastructure as “too fragile to cope”. Just two months ago, it criticised the agency’s outdated IT systems as further proof of long-term underinvestment in the justice sector.
