MoJ: Significant personal data accessed in legal aid breach

MoJ Significant personal data accessed in legal aid breach
Credit: Getty Images

UK (Parliament Politics Magazine) – The Ministry of Justice confirmed a major cyber breach exposing legal aid applicants’ data since 2010, causing system shutdowns and public warnings.

As reported by The Guardian, personal information of hundreds of thousands of legal aid applicants in England and Wales, dating back to 2010, including criminal histories and financial details, was illegally stolen.

Which data was accessed in the legal aid breach?

Authorities admit the breach could contain personal information like contact details, addresses, dates of birth, and national ID numbers. It may include criminal history, employment information, and financial data such as debts, payments, and contribution amounts.

Authorities say hackers accessed 2.1 million data entries, but this figure remains unconfirmed.

The data breach will spark concern among many applicants and legal aid lawyers.

What did the Ministry of Justice source say about the legal aid data breach?

According to a Ministry of Justice insider, the data breach resulted from long-standing neglect and mismanagement by the former government, which ignored known weaknesses in the Legal Aid Agency’s digital systems.

They said,

“This data breach was made possible by the long years of neglect and mismanagement of the justice system under the last government.”

The source added,

“They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act.”

What did MoJ officials reveal about the legal aid cyber-attack?

The Ministry of Justice revealed it detected a cyber-attack on the Legal Aid Agency’s digital services on 23 April, but only realised its full scale by Friday.

The Legal Aid Agency’s digital platform, used by providers to submit claims and receive payments, has been temporarily suspended.

The MoJ stated,

“We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010. This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.”

The department said,

“We would urge all members of the public who have applied for legal aid in this time period to take steps to safeguard themselves. We would recommend you are alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords,”

adding,

“If you are in doubt about anyone you are communicating with online or over the phone you should verify their identity independently before providing any information to them.”

The Ministry of Justice has contacted the Information Commissioner and is working with the NCA and NCSC to investigate the breach.

What did Jane Harbottle say about the legal aid data breach?

The LAA’s chief executive, Jane Harbottle, expressed regret over the breach, saying,

“I understand this news will be shocking and upsetting for people, and I am extremely sorry this has happened.”

She stated,

“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.”

Ms Harbottle added,

However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.”

She said contingency plans will keep legal aid services running for applicants during the disruption. 

How has the Law Society criticized the LAA’s IT systems?

The Law Society in 2023 urged the government to upgrade the LAA’s digital platform, describing it as “too fragile to handle demands.”

They slammed the LAA’s outdated systems, calling them evidence of years of neglect in the justice system.

Major types of cyber attacks

  • Malware (e.g., viruses, ransomware, spyware, trojans, worms) 126
  • Phishing (including spear-phishing and whaling) 126
  • Denial-of-Service (DoS) / Distributed Denial-of-Service (DDoS) 138
  • Man-in-the-Middle (MITM) Attack 136
  • SQL Injection 178
  • Zero-Day Exploit 368
  • Password Attacks (e.g., brute force, credential stuffing, dictionary attacks) 1610
  • Ransomware 126
  • DNS Tunneling 38
  • Advanced Persistent Threats (APTs)

Daniele Naddei

Daniele Naddei is a journalist at Parliament News covering European affairs, was born in Naples on April 8, 1991. He also serves as the Director of the CentroSud24 newspaper. During the period from 2010 to 2013, Naddei completed an internship at the esteemed local radio station Radio Club 91. Subsequently, he became the author of a weekly magazine published by the Italian Volleyball Federation of Campania (FIPAV Campania), which led to his registration in the professional order of Journalists of Campania in early 2014, listed under publicists. From 2013 to 2018, he worked as a freelance photojournalist and cameraman for external services for Rai and various local entities, including TeleCapri, CapriEvent, and TLA. Additionally, between 2014 and 2017, Naddei collaborated full-time with various newspapers in Campania, both in print and online. During this period, he also resumed his role as Editor-in-Chief at Radio Club 91.
Naddei is actively involved as a press officer for several companies and is responsible for editing cultural and social events in the city through his association with the Medea Fattoria Sociale. This experience continued until 2021. Throughout these years, he hosted or collaborated on football sports programs for various local broadcasters, including TLA, TvLuna, TeleCapri, Radio Stonata, Radio Amore, and Radio Antenna Uno.
From 2016 to 2018, Naddei was employed as an editor at newspapers of national interest within the Il24.it circuit, including Internazionale24, Salute24, and OggiScuola. Since 2019, Naddei has been one of the creators of the Rabona television program "Calcio è Passione," which has been broadcast on TeleCapri Sport since 2023.