Hackers accessed more data than thought in Legal Aid Agency cyber attack
Anybody who's applied for legal aid funding since 2007 could have had their personal data stolen
The UK's Legal Aid Agency has admitted that some of the data stolen in a cyber attack in April dates back as far as 2007.
As a result, anybody who applied for legal aid through the agency's digital service between 2007 and May 2025 may have had their data exposed. It had previously been thought that the data went back only as far as 2010.
The stolen data includes contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts and payments - and, in some instances, information about the partners of legal aid applicants.
The Legal Aid Agency, which is responsible for administering legal aid funding, first became aware of the cyber attack on 23 April.
"In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised," it said.
"Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner."
However, in May it realized the attack was more extensive than previously thought and that large amounts of personal data on legal aid applicants had been accessed.
It's now warning people to look out for suspicious activity such as unknown messages or phone calls, and to update any potentially exposed passwords.
It's not clear who carried out the attack, with no public claims having been made, and no release of data on the dark web having yet been spotted.
Legal Aid Agency slammed for alleged failings
Since the attack, the Legal Aid Agency has come under fire for allowing it to happen, with Ministry of Justice minister Sarah Sackman blaming underfunding under the last Conservative government.
“This data breach is the result of heinous criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative government,” she said.
“Upon taking office, I was shocked to see how fragile our legal aid systems were. They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act."
According to the Law Gazette, the Legal Aid Agency expects to have a new online portal for legal aid lawyers, called Signing into Legal Aid Services (SILAS), up and running in September. It has written to legal aid firms explaining how to set up accounts.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
What’s the role of IT operations management in improving infrastructure visibility?ITOM can map out hardware and software dependencies, bringing order to chaotic IT infrastructure
-
Why Google DeepMind’s AlphaGo breakthrough paved the way for the generative AI revolutionNews AlphaGo's victory over Go champion Lee Sedol in 2016 gave a "definitive preview of the AI era" and laid the groundwork for today's powerful tools.
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
