A major cyberattack has compromised the personal data of thousands of legal aid applicants in England and Wales, prompting the Legal Aid Agency (LAA) to suspend its online portal indefinitely. The Ministry of Justice (MoJ) confirmed the breach on Monday, stating that a “significant amount” of sensitive information had been accessed.
The breach, first detected on April 23, was initially thought to be limited in scope. But further investigation revealed on Friday that the hack was far more extensive than initially understood. According to the MoJ, the attackers accessed a “large amount of information” related to individuals who applied for legal aid services through the LAA.
This data may include names, contact details, home addresses, dates of birth, criminal history, employment records, and financial data dating back as far as 2010. The agency said it is working closely with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to assess the full extent of the breach and to contain any ongoing risk.
Jane Harbottle, the chief executive of the LAA, described the attack as unprecedented in scale and deeply concerning. “Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency,” she said in a statement. “However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.”
The LAA’s digital platform, used by legal aid solicitors and barristers to submit casework and receive payments, is now offline. Contingency measures are being put in place to ensure legal services for vulnerable individuals continue without interruption.
The Law Society of England and Wales issued a sharp rebuke of the government in the wake of the hack, highlighting the risks posed by years of underinvestment in the justice system’s digital infrastructure. “This breach once again demonstrates the need for sustained investment to bring the LAA’s antiquated IT system up to date and ensure the public have continued trust in the justice system,” the legal body said.
Legal aid services in the UK have already been under immense pressure due to chronic funding shortages. Many lawyers have abandoned legal aid work entirely, citing unsustainable workloads and low compensation. The cyberattack, say critics, only exposes further the fragility of a system already on the brink.
In the meantime, the MoJ has urged legal aid applicants and practitioners to be vigilant for suspicious activity. Those affected are being advised to monitor communications, change passwords, and report any unusual messages or phone calls.
Harbottle acknowledged the severity of the breach and extended an apology to affected individuals: “I understand this news will be shocking and upsetting for people, and I am extremely sorry this has happened.”
As investigations continue, the incident has raised urgent questions about cybersecurity standards across the UK’s public sector and the long-term viability of legacy systems serving critical justice functions.
Discover more from Semiconductors Insight
Subscribe to get the latest posts sent to your email.
