The Ministry of Justice (MoJ) said a ‘significant amount of personal data’ had been stolen in the breach – potentially including home addresses, dates of birth and criminal records
A “significant amount of personal data” has been taken from the Legal Aid database, it has emerged.
The data of people who applied to the Legal Aid Agency since 2010, including criminal records, was accessed and downloaded in a cyber attack in April this year, the Ministry of Justice said. The group that carried out the attack has claimed it accessed 2.1 million pieces of data, but this figure has not yet been verified. The Government first became aware of a cyber attack on the Legal Aid Agency’s online digital services on April 23, but discovered on Friday that it was more extensive than originally thought.
The data accessed may include contact details and addresses of legal aid applicants, their dates of birth, national insurance numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
The LAA’s online digital services, which are used by legal aid providers to log their work and get paid by the Government, have been taken offline.
An MoJ source put the breach down to the “neglect and mismanagement” of the previous government, saying vulnerabilities in the Legal Aid Agency systems have been known for many years.
“This data breach was made possible by the long years of neglect and mismanagement of the justice system under the last government.
“They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act,” the source said.
The MoJ is urging anyone who has applied for legal aid since 2010 to be alert for unknown messages and phone calls and to update any passwords that could have been exposed.
The ministry has been working with the National Crime Agency and the National Cyber Security Centre, and has informed the Information Commissioner.
Legal Aid Agency chief executive Jane Harbottle apologised for the breach. He said: “I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down,” she said.
Ms Harbottle said contingency plans are in place to make sure those in need of legal support and advice can continue to access it.
This is a breaking news story. Follow us on Google News, Flipboard, Apple News, Twitter, Facebook or visit The Mirror homepage.
