The Ministry of Justice (MoJ) was hacked. 2.1 million pieces of data on people who applied to the Legal Aid Agency
19/05/2025
The Ministry of Justice (MoJ) has said hackers accessed and downloaded a "significant amount of personal data" of people who applied to the Legal Aid Agency, including criminal records.
The group that carried out the cyber-attack says it accessed 2.1 million pieces of data, but the MoJ has not verified that figure; it is understood.
A MoJ source blamed the breach on the previous government's "neglect and mismanagement," saying vulnerabilities in the Legal Aid Agency systems have been known for many years.
The Legal Aid Agency (LAA) is an executive agency sponsored by the MoJ that administers legal aid funding, which was around £2.3bn in 2023/24.
The data accessed affected those who applied for legal aid in the last 15 years. It may include the contact details and addresses of legal aid applicants, their dates of birth, national insurance numbers, criminal history, employment status, and financial data such as contribution amounts, debts, and payments.
The MoJ has urged anyone who applied for legal aid since 2010 to update any passwords that could have been exposed and be alert to unknown messages and phone calls.
Legal Aid Agency chief executive Jane Harbottle has apologised for the breach and acknowledged the news would be "shocking and upsetting”. She said.
- "Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency,"
- "However, it has become clear that we needed to take radical action to safeguard the service and its users. That is why we've decided to take the online service down," she said.
Ms Harbottle said contingency plans are in place for those who need legal support and advice.
A Law Society spokesperson said
- "The incident again demonstrates the need for sustained investment to bring the LAA's antiquated IT system up to date and ensure the public has continued trust in the justice system."
- The Ministry of Justice (MoJ) is working with the National Crime Agency and National Cyber Security Centre to investigate the data breach.
- The National Crime Agency said it was aware of the incident and was working closely with the MoJ to "better understand the incident and support the department".
It comes after retailers Co-op, Harrods, and Marks & Spencer were hit by cyberattacks, although there is no suggestion that they are connected to the incident at the LAA.
Source
The Team
Meet the team of industry experts behind Comsure
Find out moreLatest News
Keep up to date with the very latest news from Comsure
Find out moreGallery
View our latest imagery from our news and work
Find out moreContact
Think we can help you and your business? Chat to us today
Get In TouchNews Disclaimer
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.