HQ/EMEAFind out how we can help your business
The Legal Aid Agency (LAA) in the United Kingdom has announced that a recent cyberattack was more damaging than previously stated. This attack led to the theft of a considerable amount of sensitive information from legal aid applicants.
Following an internal examination of the security incident, the UK government confirmed this information.
The LAA, part of the Ministry of Justice, provides legal aid services through guidance, representation, and support for individuals unable to afford legal assistance.
Eligibility for legal help is decided by the applicant’s financial situation and the merits of their case, which may involve areas such as family law, housing, debt, immigration, mental health, and criminal law.
LAA revealed the cybersecurity issue earlier this month.
Earlier this month, LAA reported a security breach that involved the possible exposure of limited financial information. However, a subsequent update on an official UK government portal revealed that the breach’s impact was much wider. The notification indicated that data dating back to 2010 might have been accessed and extracted by the malicious actors involved.
According to the announcement, on Friday, May 16, it was discovered that the attack was broader than initially realised. It is believed that the perpetrators accessed and downloaded extensive personal information related to legal aid applicants utilising the agency’s digital services since 2010.
The potentially compromised information includes applicants’ full contact details, dates of birth, national identification numbers, criminal history, employment status, and financial information, including contribution amounts, debts, and payments associated with legal aid applications.
In response, the UK government has urged all impacted individuals to stay vigilant against potential phishing or scam attempts. It has also been recommended that applicants confirm any communications before sharing sensitive information.
The chief executive officer of LAA publicly apologised, expressing sincere regret over the breach and promising additional updates as the investigation continues.
The LAA systems have been secured with assistance from the National Cyber Security Centre (NCSC). As a precaution, the agency’s online application portal has been temporarily suspended.
As of now, it is still uncertain whether the LAA breach is connected to these larger campaigns.
