A “significant amount of personal data” belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ) confirmed today.
The announcement follows the initial news from May 6 of an attack on the UK’s Legal Aid Agency (LAA), an MoJ-sponsored organization that allows legal aid workers to record their hours and bill the the government accordingly. The aid is means tested, granted to people on low incomes and with limited savings.
The attack itself was detected on April 23 but investigators found on May 16 that the damage was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.”
Affected data goes back to 2010 and could include applicants’ contact details, home addresses, dates of birth, national ID numbers, criminal histories, employment statuses, and financial data such as contribution amounts, debts, and payments.
[…]
The MoJ didn’t specify the number of people believed to be affected, but publicly available data [PDF] shows the number of legal aid claims made in the last reporting year – April 2023 to March 2024 – stood at 388,888, of which 96 percent were granted. This also represented a 7 percent increase in applications compared to the previous reporting year.
It should also be noted that each application may involve more than one individual.
The PA news agency reported that 2.1 million data points were stolen, although the MoJ has not officially corroborated this.
Other data published by the MoJ shows that over £2 billion ($2.7 billion) was spent on legal aid between April 2023 and March 2024.
All members of the public who applied for legal aid between 2010 and 2025 were advised to be extra vigilant about suspicious activity such as unknown calls and messages, and advised to change their passwords.
Max Vetter, VP of cyber at Immersive, who also spent years at the Metropolitan Police and taught at the GCHQ summer school, said that due to its sensitivity, the data could be used to extort not only the LAA but also the affected individuals.
[…]
Source: Legal Aid Agency attack involved ‘significant’ data theft • The Register
And this is why you clean your data regularly.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft