Hackers accessed more data than thought in Legal Aid Agency cyber attack
Anybody who's applied for legal aid funding since 2007 could have had their personal data stolen


The UK's Legal Aid Agency has admitted that some of the data stolen in a cyber attack in April dates back as far as 2007.
As a result, anybody who applied for legal aid through the agency's digital service between 2007 and May 2025 may have had their data exposed. It had previously been thought that the data went back only as far as 2010.
The stolen data includes contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts and payments - and, in some instances, information about the partners of legal aid applicants.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
The Legal Aid Agency, which is responsible for administering legal aid funding, first became aware of the cyber attack on 23 April.
"In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised," it said.
"Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner."
However, in May it realized the attack was more extensive than previously thought and that large amounts of personal data on legal aid applicants had been accessed.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
It's now warning people to look out for suspicious activity such as unknown messages or phone calls, and to update any potentially exposed passwords.
It's not clear who carried out the attack, with no public claims having been made, and no release of data on the dark web having yet been spotted.
Legal Aid Agency slammed for alleged failings
Since the attack, the Legal Aid Agency has come under fire for allowing it to happen, with Ministry of Justice minister Sarah Sackman blaming underfunding under the last Conservative government.
“This data breach is the result of heinous criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative government,” she said.
“Upon taking office, I was shocked to see how fragile our legal aid systems were. They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act."
According to the Law Gazette, the Legal Aid Agency expects to have a new online portal for legal aid lawyers, called Signing into Legal Aid Services (SILAS), up and running in September. It has written to legal aid firms explaining how to set up accounts.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Kids hacking for kicks are causing security headaches at schools
News More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last year
News Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attack
News LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’
News Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which severely disrupted production.
-
Everything we know about the Plex data breach so far
News Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million reward
News The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countries
News The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacks
News Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.