The UK’s Legal Aid Agency (LAA) has revealed that a recent cyberattack was more severe than initially thought, resulting in the theft of a substantial amount of sensitive data from applicants. This revelation follows an investigation by the UK government, which was involved after the breach was first reported.
The LAA, an executive branch of the UK Ministry of Justice, provides legal aid to individuals unable to afford legal services, covering areas such as family law, housing, and criminal law. Eligibility for such aid is determined by the applicant’s financial situation and the merits of their case.
Earlier this month, the agency reported a security breach that potentially exposed limited financial details. However, a subsequent update on a UK government portal indicated that the breach was more extensive, with data dating back to 2010 potentially compromised.
“On Friday 16 May, we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants,” said LAA in its announcement. “We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.”
The exposed information may include contact details, dates of birth, national ID numbers, criminal history, employment status, and financial contributions of applicants. The UK government has advised all applicants to be cautious of potential scam attempts and to verify any communications before sharing sensitive information.
National Cyber Security Centre assists in securing LAA systems
In response, the LAA, with assistance from the National Cyber Security Centre (NCSC), has secured all its systems and temporarily taken its online application service offline.
“I understand this news will be shocking and upsetting for people, and I am extremely sorry this has happened,” said Legal Aid Agency CEO Jane Harbottle. “Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.”
“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down. We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time. I am incredibly grateful to legal aid providers for their patience and cooperation at a deeply challenging time.”
The incident coincides with a series of cyberattacks on UK retailers, including Harrods, Co-op, and Marks & Spencer, which have been linked to the Scattered Spider group attempting to deploy DragonForce ransomware on compromised networks.
Read more: Legal Aid Agency warns law firms of potential data breach
