A major cyber attack on the Legal Aid Agency (LAA) has exposed a vast amount of sensitive personal data belonging to individuals who applied for legal aid over the past 15 years, the Ministry of Justice (MoJ) has confirmed.
The breach, which became public on Monday, 19 May 2025, may include the criminal records, contact details, National Insurance numbers, financial information, and employment data of hundreds of thousands of applicants.
The hacker group responsible claims it accessed over 2.1 million pieces of data, though this figure has not yet been verified by the MoJ.
The breach was first detected on 23 April, but it was only realised last Friday that the attack was far more extensive than initially understood.
An MoJ insider attributed the severity of the incident to “neglect and mismanagement” by the previous government, highlighting that security vulnerabilities in the LAA’s IT infrastructure have been known for years.
Legal Services Disrupted
In response to the breach, the LAA has taken down its online digital services, which are used by legal aid providers to log cases and receive payments.
Legal Aid Agency chief executive Jane Harbottle apologised, calling the incident “shocking and upsetting”, and confirmed that contingency systems are in place to ensure those in need of legal support can still access services.
“To safeguard the service and its users, we needed to take radical action,” she said.
“That is why we’ve taken the decision to take the online service down.”
The Law Society criticised the breach, blaming it on the agency’s “antiquated IT system” and calling for urgent government investment to restore public trust in the justice system.
Investigation Underway
The National Crime Agency and the National Cyber Security Centre are now working closely with the MoJ to investigate the breach, determine the source, and provide cybersecurity support.
Affected individuals — anyone who has applied for legal aid since 2010 — have been urged to change passwords linked to their applications and to remain vigilant for suspicious calls, emails, or messages.
This breach comes amid a spate of high-profile cyber attacks targeting UK institutions and businesses, including Marks & Spencer, Harrods, and Co-op. There is no indication the incidents are connected.