The UK's Legal Aid Agency has admitted that some of the data stolen in a cyber attack in April dates back as far as 2007.
As a result, anybody who applied for legal aid through the agency's digital service between 2007 and May 2025 may have had their data exposed. It had previously been thought that the data went back only as far as 2010.
The stolen data includes contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts and payments - and, in some instances, information about the partners of legal aid applicants.
The Legal Aid Agency, which is responsible for administering legal aid funding, first became aware of the cyber attack on 23 April.
"In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised," it said.
"Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner."
However, in May it realized the attack was more extensive than previously thought and that large amounts of personal data on legal aid applicants had been accessed.
It's now warning people to look out for suspicious activity such as unknown messages or phone calls, and to update any potentially exposed passwords.
It's not clear who carried out the attack, with no public claims having been made, and no release of data on the dark web having yet been spotted.
Legal Aid Agency slammed for alleged failings
Since the attack, the Legal Aid Agency has come under fire for allowing it to happen, with Ministry of Justice minister Sarah Sackman blaming underfunding under the last Conservative government.
“This data breach is the result of heinous criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative government,” she said.
“Upon taking office, I was shocked to see how fragile our legal aid systems were. They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act."
According to the Law Gazette, the Legal Aid Agency expects to have a new online portal for legal aid lawyers, called Signing into Legal Aid Services (SILAS), up and running in September. It has written to legal aid firms explaining how to set up accounts.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
AI layoffs could spark a new wave of offshoringNews Analysts expect a wave of rehiring next year in the wake of AI layoffs. That may sound like good news for workers, but it'll probably involve offshoring or outsourcing.
-
Hackers are using these malicious npm packages to target developers Windows, macOS, and Linux systemsNews Security experts have issued a warning to developers after ten malicious npm packages were found to deliver infostealer malware across Windows, Linux, and macOS systems.
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Microsoft issues warning over “opportunistic” cyber criminals targeting big businessNews Microsoft has called on governments to do more to support organizations
