The Legal Aid Agency (Laa), a ministry of justice-backed civil and criminal legal aid and Advice Service Covering England and Wales, have fallen Victim to a Cyber Attack That that ATTACK TATACK TATACK THE APEARES to the COMINAL DATA ON Anybody who applied for legal aid through its digital service in the past 15 years.
The body said it first beare of a cyber attack on its online digital services – used by legal aid provides to log their work and receive payment from the government – on 23 April 2025.
These services were quickly taken offline. Following this, working along Affected.
The laa's investigation initially appears to have shown that only lead legal aid provides were affected. However, on 16 May, it is apparent that the attackers had dug themselves far deeper into its systems than was first thought and accessed data on Legal Aid Applicants Dating Dating Bank to 2010.
This includes not just that facing criminal prosecution, but individuals involved in family law cases, victims of domestic violence, and more.
It said the data including contact details and addresses, birthdates, national id numbers, Criminal History, Employment Status and Financial Data. According to the GuardianThe intruders have stated they have accessed 2.1 million data points, Although this is not verified.
“I undress this news will be shocking and upsetting for people, and I am extramely sorry this have happy,” said laa ceo jane harbottle.
Since the discovery of the attack, my team has been working Around the clock with the ncsc to bolster the security of our systems so we can safly control the vital work of the agency
Jane harbottle, legal aid agency
“Since the discovery of the attack, my team has been working Around the clock with the NCSC to Bolster the Security of Our Systems so we can safly continue the VITAL WORKE OF”
She Continued: “However, It has become clear that to safeguard the service and its users, we needed to take radical action. That is why we we we we we we we we we we we we we we weed
“We have put in place the Necessary Contingcy Plans to Ensure that Most in Need of Legal Support and Advice Can Continue to access the help the help they need during this time,” Said harbottle. “I am incredibly grateful to legal aid provides for their patience and cooperation at a deeply challenging time.”
The agency Urged anyone who has applied for legal aid since 2010 to take immediati steps to safeguard themselves. As is frequent the case, the breadth of the data breeded makes it useful to fraudsters and scammers involved in downstream cyber crime activity. Should the data be leaked, those affected may see an uptick in social activity Soch as unsolicited text messages or phone calls.
No Word Yet on Ransomware
The agency gave no indication as to behther or not it is dealing with a ransomware incidenceTOBY Lewis, Head of Threat Analysis at DarktraceSaid Establishing the full facts of what have gone wrong be the number one priority for the investigators.
“The legal aid agency breach represents a significant but not unusual cyber Incident Facing Public Services Today. Pre-Ransomware Exfiltration Caught Early or Straightforward Data Theft. IF it's the latter, this single be as simple as misconfigure cloud storage or as a new one Bulk Personal Data, Similar to Previous International Government Breaches, ”He said.
“What's Crucial Now is Determining which Scenario We're Dealing with to Properly Assess The Broader Implications for Government Digital Security.”
