Legal Eagle: Legal Aid Agency data breach after cyber-attack

By Andrew Freckleton
Published 24th Jun 2025, 07:00 BST
Cyber attacks can result in personal data breaches.placeholder image
Cyber attacks can result in personal data breaches.
On April 23, 2025, the Ministry of Justice became aware of a cyber-attack on the Legal Aid Agency (LAA)’s online digital services. At first the severity of the attack was not known.

On April 30, 2025, the LAA advised their providers of the breach of individuals’ data.

On May 16, 2025, the LAA found the MOJ realised the breach was more extensive than originally thought.

Hide Ad
Hide Ad

It has been reported as of May 20, 2025, that hackers are claiming theft of 2.1 million pieces of data from Legal Aid Agency systems.

The data stolen may have included addresses of Legal Aid applicants, dates of birth, National Insurance Numbers, criminal history, employment and financial data including savings/debts/equity/loan agreements. There is concern about a data breach for details of cases – often very sensitive such as domestic abuse or sexual abuse.

Individuals’ data has been taken in relation to applications made from 2010 onwards. It is believed that hundreds of thousands of people have been affected. It is understood it is not only applicants for Legal Aid who had their data stolen. The data breach is believed also to have included data from Legal Aid providers such as solicitors’ firms which presumably would include commercially sensitive information.

There have been reports suggesting the data breach was made possible by long years of neglect and mismanagement of the justice system under previous governments. It has been said that the vulnerabilities of the Legal Aid Agency’s computer systems were well known.

Hide Ad
Hide Ad

The Legal Aid Agency have reported the matter to the Information Commissioner’s Office (ICO). It remains unclear what steps the LAA will now take in relation to the large number of individuals and organisations whose data has been breached. Often in such situations there is at the very least an offer of a free of charge credit check and identify theft measures. We await an announcement from the Legal Aid Agency.

For those individuals who have suffered distress or a loss as a result of the data breach consideration will need to be given to compensating those individuals for the losses suffered. Unfortunately, such data breaches occur too regularly, often as a result of inadequate IT security measures.

In the past our firm has pursued numerous cases for persons who have unfortunately suffered a loss as a result of data breaches. The distress suffered can be considerable, particularly when sensitive family information including child adoption details and safeguarding issues; or data such as health records, details of sexual abuse or domestic abuse is disclosed.

If you are concerned any organisation has failed to protect your data/unlawfully disclosed it, please contact one of our specialist solicitors Andrew Freckleton or Richard Hardy. We are one of the largest providers of LAA funded work. As a result of our work, we are very familiar with Legal Aid processes and systems.

Related topics:Legal AidRichard Hardy
News you can trust since 1873
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice