Camilla Jessen
A major breach has exposed sensitive personal information of thousands who applied for legal aid in the UK since 2010.
The UK’s Legal Aid Agency, which provides legal assistance to individuals who cannot afford it, has confirmed a cybersecurity breach, revealing that personal data from legal aid applicants dating back to 2010 may have been accessed and stolen.
In a statement issued Monday, the government agency said it became aware of the cyberattack on April 23 and has since been working with the National Crime Agency and the National Cyber Security Centre to contain the threat and investigate the breach.
The agency reported that on May 16, it discovered that the breach was more extensive than originally believed, with attackers having gained access to highly sensitive personal data.
This was covered by Digi24.
What Was Stolen?
According to Legal Aid, the exposed information may include:
- Full names and addresses
- Dates of birth
- National identity numbers
- Criminal records
- Financial data, including contributions, debts, and payments
The compromised data relates to individuals who have submitted legal aid applications online since 2010 — a potentially vast number of affected people.
Online Services Suspended
In response, the Legal Aid Agency has shut down its online services, citing the need to protect users and prevent further data loss.
“It has become clear that in order to protect the service and its users, we need to take radical measures,” said Jane Harbottle, Director of Legal Aid.
That is why we have made the decision to stop the online service. However, contingency plans are in place, and people who need legal support will still be able to access help.
She added that her team has been working “around the clock” with cybersecurity experts to strengthen system defenses.
Part of a Larger Wave of Attacks
The Legal Aid breach comes just weeks after cyberattacks targeted several other British institutions. Retail giants Marks & Spencer and Co-op were both hit in April, with attackers reportedly posing as IT help desk employees to infiltrate systems.
Marks & Spencer confirmed that the attack led to a ransomware incident compromising customer data.
As a result, M&S suspended online orders while investigating the breach.
The UK government has not disclosed how many individuals were affected by the Legal Aid breach but has described the stolen information as “significant.”
Cybersecurity authorities are continuing their investigation, and the National Crime Agency has not yet confirmed whether any ransom was demanded or paid.