An agency of the UK’s Ministry of Justice (MoJ) has suffered a cyberattack that has resulted in a stunning data breach of people’s personal data.
On Monday this week, it was announced that “on Wednesday 23 April, we became aware of a cyber-attack on the Legal Aid Agency’s online digital services.”
The cyberattack was on the services through which legal aid providers log their work and receive payment from the UK Government.
Unfortunately, it has exposed very sensitive data, resulting in the Legal Aid agency taking down its online services.
Data breach
“In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised,” the MoJ stated.
The MoJ said it has worked closely with the National Crime Agency and National Cyber Security Centre, as well as informing the Information Commissioner.
“On Friday 16 May we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants,” it stated, and then confirmed that huge amounts of data has been compromised.
“We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010,” it stated.
This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
“We would urge all members of the public who have applied for legal aid in this time period to take steps to safeguard themselves,” it stated. “We would recommend you are alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords. If you are in doubt about anyone you are communicating with online or over the phone you should verify their identity independently before providing any information to them.”
Meanwhile the Associated Press reported that hackers have claimed they had access to 2.1 million pieces of data, though the government did not confirm that figure.
“I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened,” said Jane Harbottle, CEO of the Legal Aid Agency. “Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.”
“However, it has become clear that to safeguard the service and its users, we needed to take radical action,” said Harbottle. “That is why we’ve taken the decision to take the online service down.
“We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time,” said Harbottle. “I am incredibly grateful to legal aid providers for their patience and cooperation at a deeply challenging time. We will provide further updates shortly.”
Ministry of Justice
In 2016 it was reported that the UK government had begun a £1 billion modernisation of the courts system, for the existing MoJ network.
That same year in 2016 the MoJ publicly admitted it was struggling to attract skilled cyber security staff.
Then in 2019 the MoJ was forced to admit that a major IT network outage was caused by an infrastructure failure in a third party data centre, and was not the result of a cyberattack.
But now given the scale of the MoJ data breach, it is likely that the Legal Aid agency will be facing potentially stiff penalties from the Information Commissioners Office.
