The Ministry of Justice (MoJ) has confirmed that hackers have accessed and downloaded “a significant amount of personal data” belonging to applicants who had applied through the Legal Aid Agency since 2010.
The MoJ said on Monday that this includes applicants’ dates of birth, contact details and addresses, national identification numbers, employment status, criminal records, and financial data such as payments, debts, and contribution amounts.
Departmental officials became aware of the cyber attack on April 23, but it was only by May 16 that they understood the extent of the breach. The online services have since been taken down.
Hackers were able to penetrate the Legal Aid Agency’s online digital services, which are the systems through which legal aid providers log their work and receive payment from the government.
‘We Needed to Take Radical Action’
The MoJ said it was now working closely with the National Crime Agency and GCHQ’s National Cyber Security Centre (NCSC), and has informed the Information Commissioner.Jane Harbottle, CEO of the Legal Aid Agency, offered her apologies, acknowledging that the news must be upsetting and stressful to those affected.
She said: “Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.”
Recent Cyber Attacks
Concerns over cyber security have become increasingly prevalent following high-profile attacks on major institutions and their suppliers in the past few years.These included the October 2023 attack on the British Library, which to date has cost around £7 million to recover from. In June 2024, an attack on NHS services supplier Synnovis resulted in the postponement of 10,000 appointments.
In recent months, there have been a series of serious cyber incidents which have impacted retailers Marks & Spencer, the Co-op, and Harrods.
AI-Enhanced Hacking
Earlier this month, the NCSC warned that by 2027, AI tools will significantly increase the ability of malicious actors to find and exploit vulnerabilities in the UK’s systems.It said that in order to protect themselves, organisations must implement advanced strategies to counter AI-driven attacks, including continued monitoring and using AI-based defence systems.
The NCSC said that malicious actors are very likely already using AI to enhance their existing tactics to penetrate systems, including through victim reconnaissance, vulnerability research, and malware generation.
The government said earlier this month it was taking action to boost the country’s cyber security, including backing the rollout of advanced technology which it says could prevent up to 70 percent of the most common cyber attacks.
The Cyber Security and Resilience Bill will also be introduced to Parliament later this year. It aims to ensure the country’s critical national infrastructure and digital economy is better protected and less vulnerable to attack.
