Sensitive applicant data was significantly compromised in a cyber attack against the Legal Aid Agency.

A significant cyber attack on the UK's Legal Aid Agency (LAA) has compromised the personal data of individuals who applied for legal aid online since 2010. 

The Ministry of Justice (MoJ) confirmed the breach, revealing that hackers accessed and downloaded a substantial amount of sensitive information. The incident, initially detected on April 23, was found to be far more extensive than initially believed, with the full scale of the breach becoming clear on May 16.

The compromised data includes a wide range of personal details, such as contact information, addresses, dates of birth, national insurance numbers, criminal records, employment status, and financial data, including contribution amounts, debts, and payments. 

While the group responsible for the attack claims to have accessed 2.1 million pieces of data, the MoJ has not yet verified this figure. The LAA's online digital services, crucial for legal aid providers to log their work and receive payments, have been taken offline to mitigate further damage and secure the system.

In response to the attack, the MoJ is working closely with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to investigate the breach and support the department. The Information Commissioner has also been informed. The government is urging anyone who applied for legal aid since 2010 to be vigilant for suspicious activity, such as unknown messages or phone calls, and to update any potentially exposed passwords.

Jane Harbottle, Chief Executive Officer of the Legal Aid Agency, expressed her sincere apologies for the incident, acknowledging the distress and concern it would cause. She stated that her team is working tirelessly with the NCSC to enhance the security of their systems and safely resume the agency's vital work. Contingency plans are in place to ensure those needing legal support can still access it.

An MOJ source has attributed the breach to "neglect and mismanagement" by the previous government, stating that vulnerabilities in the LAA's digital systems were known but not addressed. The agency, which administers approximately £2.3 billion in legal aid funding annually, faces significant challenges in restoring its online services and reassuring the public about the safety of their data.