Hackers accessed more data than thought in Legal Aid Agency cyber attack

Cybersecurity concept image symbolizing third-party data breaches with give padlock symbols and one pictured in red, signifying a security breach.

(Image credit: Getty Images)

published 1 August 2025

The UK's Legal Aid Agency has admitted that some of the data stolen in a cyber attack in April dates back as far as 2007.

As a result, anybody who applied for legal aid through the agency's digital service between 2007 and May 2025 may have had their data exposed. It had previously been thought that the data went back only as far as 2010.

The stolen data includes contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts and payments - and, in some instances, information about the partners of legal aid applicants.

The Legal Aid Agency, which is responsible for administering legal aid funding, first became aware of the cyber attack on 23 April.

"In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised," it said.

"Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner."

However, in May it realized the attack was more extensive than previously thought and that large amounts of personal data on legal aid applicants had been accessed.

It's now warning people to look out for suspicious activity such as unknown messages or phone calls, and to update any potentially exposed passwords.

It's not clear who carried out the attack, with no public claims having been made, and no release of data on the dark web having yet been spotted.

Legal Aid Agency slammed for alleged failings

Since the attack, the Legal Aid Agency has come under fire for allowing it to happen, with Ministry of Justice minister Sarah Sackman blaming underfunding under the last Conservative government.

“This data breach is the result of heinous criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative government,” she said.

“Upon taking office, I was shocked to see how fragile our legal aid systems were. They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act."

According to the Law Gazette, the Legal Aid Agency expects to have a new online portal for legal aid lawyers, called Signing into Legal Aid Services (SILAS), up and running in September. It has written to legal aid firms explaining how to set up accounts.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.