UK government confirms massive data breach following hack of Legal Aid Agency

Britain’s Ministry of Justice (MoJ) confirmed on Monday that hackers had “accessed a large amount of information” from people who had applied for legal aid, potentially including their criminal histories.

According to the MoJ statement, everyone in England and Wales who applied for legal aid using the Legal Aid Agency’s online platform since 2010 may be affected.

Legal aid applicants “will include some of the most vulnerable people in our society,” said Gareth Mott, a research fellow at the Royal United Services Institute think tank and former lecturer in security and intelligence at the University of Kent.

The perpetrators of the data extortion incident claim to have data on more than 2 million people. The hackers have threatened to publish this data online in what would amount to one of the most significant data breaches to ever impact the British criminal justice system.

“I remember in previous research when we talked to people about ransomware cases where there are domestic violence incidents, for example, where someone has moved house for their safety. And there were cases where they’d had to have a police officer outside the door because someone could come round with a hammer if they saw that data if it was leaked online,” said Mott.

While the British government has secured a legal injunction against the hackers or anyone else distributing this data, such injunctions rarely have an impact on criminals who attempt to operate anonymously and from hostile jurisdictions.

The “ideal response would be to take it down, not that that’s easy,” said Mott, arguing in support of a law enforcement response targeting the extortion group behind the attack.

While the National Crime Agency (NCA) and its partners have had successes tackling ransomware groups like LockBit, Mott said he wasn’t sure that it had the capability currently to selectively take down the most risky data breaches.

“Cases like this open up a very interesting question. When we talk about protecting UK PLC, we often talk about protecting critical national infrastructure. The reality is that CNI is typically quite resilient, typically it will bounce back, but stuff like this is about public services that are very much critical and I think there’s a missing piece in that debate about how we prioritise and view these things from a public safety standpoint.”

A spokesperson for the NCA confirmed the agency was aware of the incident and working alongside partners at the National Cyber Security Centre and the MoJ in response.

While the attack on the Legal Aid Agency was first discovered on April 23, the MoJ said it was only last week on May 16 it realized “the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.”

Previously the MoJ had written to law firms warning that financial information belonging to legal aid providers — including law firms, non-profits and barristers — may have been compromised, as initially reported by Sky News.

The MoJ confirmed on Monday “the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010” although it did not state how many people may have been impacted.

“This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments,” stated the MoJ.

Richard Atkinson, the president of the Law Society of England and Wales, said: “It is extremely concerning that members of the public have had their personal data compromised in this cyber security incident and the Legal Aid Agency must get a grip on the situation immediately.”

The agency’s chief executive, Jane Harbottle, said: “I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.

“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency,” she added.

“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down,” said Harbottle.