The Ministry of Justice (MoJ) confirmed on Monday that a cyberattack led to the exposure of personal information for Legal Aid Agency (LAA) applicants going as far back as 2010.
They said they had gained access to and downloaded 2.1 million records – including applicants’ criminal histories – but this was a number the MoJ was unable to verify.
The gov.uk team came out of the weekend after online attacks against LAA’s site. The government first learned about the attack on online services run by the LAA on April 23, and learned about its wider dimensions on Friday. It led the MoJ to warn those who have applied for legal aid since 2010 to be on their guard for suspicious communications and change their passwords.
Compromised information may include :− names, addresses, dates of birth, national insurance numbers, criminal offences, income details, contributions, debts, payments, legal aid receipt status. The LAA’s online platform used by legal aid providers to record work completed and receive payments from the government has also been suspended.
A MoJ source said the breach was due to the previous government’s “complacency and inactivity” with regards to weaknesses in the LAA’s systems that had been identified some time ago. The former administration knew about these vulnerabilities, and did nothing about it,’ the source claimed.
The MoJ is working with the National Crime Agency, the National Cyber Security Centre, and the Information Commissioner has been notified. The LAA’s chief executive, Jane Harbottle, admitted to the data breach and said she “deeply regretted” it. She said arrangements would be in place for those in need of legal support to still be able to access it.
