Cyber attack on UK legal aid agency exposes private data, including criminal records



A significant cyberattack on the UK’s Legal Aid Agency (LAA) has resulted in the theft of a large amount of private data, including criminal records, according to the Ministry of Justice (MoJ).

The MoJ revealed that the breach, affecting the LAA’s online digital services, was initially detected on April 23rd, but its severity was only realized later.

Jane Harbottle, Chief Executive of the Legal Aid Agency, acknowledged the seriousness of the incident, stating the news “will be shocking and upsetting for people.”

The attackers claim to have accessed 2.1 million pieces of data, a figure the MoJ has not independently verified, according to the PA news agency. The stolen data spans applications for legal aid made over the past 15 years, dating back to 2010.

The MoJ outlined the breadth of the compromised information, which “may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.”

Toby Lewis, Head of Threat Analysis at Darktrace:

“The Legal Aid Agency breach represents a significant, but not unusual, cyber incident facing public services today. Without confirmation of ransomware or system outages, we’re likely looking at either pre-ransomware exfiltration or straightforward data theft. If it’s the latter, this could be as simple as misconfigured cloud storage or as complex as a nation-state operation. What’s crucial now is determining what we’re dealing with in order to assess the broader implications for government digital security.”

In response, the MoJ has urged individuals who applied for legal aid during this period to take precautionary measures. They advise the public to be vigilant for suspicious activity, such as unsolicited messages or phone calls, and to update any potentially exposed passwords. The Ministry also stressed the importance of verifying the identity of anyone requesting information online or via telephone.

The MoJ is collaborating with the National Crime Agency and the National Cyber Security Centre to investigate the breach. Additionally, the Information Commissioner has been notified. The Legal Aid Agency’s online digital services, used by legal aid providers, have been taken offline in the wake of the attack.

An MoJ source attributed the breach to “neglect and mismanagement” by the previous government, citing long-standing vulnerabilities within the Legal Aid Agency systems.

The Legal Aid Agency, an executive agency sponsored by the MoJ, administers legal aid funding.
