The UK's Legal Aid Agency has admitted that some of the data stolen in a cyber attack in April dates back as far as 2007.
As a result, anybody who applied for legal aid through the agency's digital service between 2007 and May 2025 may have had their data exposed. It had previously been thought that the data went back only as far as 2010.
The stolen data includes contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts and payments - and, in some instances, information about the partners of legal aid applicants.
The Legal Aid Agency, which is responsible for administering legal aid funding, first became aware of the cyber attack on 23 April.
"In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised," it said.
"Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner."
However, in May it realized the attack was more extensive than previously thought and that large amounts of personal data on legal aid applicants had been accessed.
It's now warning people to look out for suspicious activity such as unknown messages or phone calls, and to update any potentially exposed passwords.
It's not clear who carried out the attack, with no public claims having been made, and no release of data on the dark web having yet been spotted.
Legal Aid Agency slammed for alleged failings
Since the attack, the Legal Aid Agency has come under fire for allowing it to happen, with Ministry of Justice minister Sarah Sackman blaming underfunding under the last Conservative government.
“This data breach is the result of heinous criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative government,” she said.
“Upon taking office, I was shocked to see how fragile our legal aid systems were. They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act."
According to the Law Gazette, the Legal Aid Agency expects to have a new online portal for legal aid lawyers, called Signing into Legal Aid Services (SILAS), up and running in September. It has written to legal aid firms explaining how to set up accounts.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
