A cyber attack on the UK’s legal aid systems in April was able to extract a “large amount of information” relating to applicants including criminal records.
The Ministry of Justice (MoJ) believes the group accessed and downloaded a significant amount of personal data from those who have applied for legal aid through the government’s digital service since 2010.
The breach is particularly concerning given the sensitive nature of the data leaked.
It was originally detected on 23 April, following which the service took steps to bolster its security. But on Friday it discovered the attack was more extensive than originally understood.
The data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments. The group that carried out the attack has claimed it accessed 2.1 million pieces of data in total, the PA news agency has reported.
The MoJ has warned all applicants to safeguard themselves and stay alert for suspicious activity such as unknown messages or phone calls and to update any potentially exposed passwords.
Jane Harbottle, CEO of the Legal Aid Agency, said: “I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.
“We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.”
A number of major cyber attacks across the UK have impacted a variety of sectors in recent months. Marks & Spencer suffered a major breach over the Easter weekend, which was believed to be a ransomware attack by the group Scattered Spider and its affiliate DragonForce.
The payroll system of the UK armed forces was also hacked in May 2024, leading to the exposure of personal data for nearly 270,000 current and former staff, including identities, bank details and National Insurance numbers.
Click Here For The Original Source.
