Legal Aid Agency suffers major cybersecurity incident
Financial data potentially compromised
The Legal Aid Agency confirmed it has identified a "security incident."
The UK government's Legal Aid Agency (LAA), the body responsible for administering more than £2 billion annually in legal aid funding, has been hit by a cybersecurity incident that may have exposed sensitive financial information, according to officials and documents seen by Sky News.
In a letter sent to contracted legal firms last week, the LAA confirmed it had identified what it termed a "security incident."
The agency, an executive arm of the Ministry of Justice (MoJ), warned that it is possible third parties accessed financial data belonging to legal aid providers.
While the LAA stopped short of confirming what specific data had been compromised, it acknowledged that "payment information may have been accessed."
The LAA funds legal services in criminal and civil cases across England and Wales and works with nearly 2,000 service providers, including law firms, barristers, charities, and telephone support services.
These organisations are contracted to deliver legal aid to vulnerable clients, and many hold vast amounts of sensitive personal and financial information.
The Ministry of Justice has confirmed that both the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) are now involved in the ongoing investigation.
"We take any data breach extremely seriously and have already taken action to bolster the security of the legal aid system," an MoJ spokesperson said.
"We're working with the National Crime Agency and National Cyber Security Centre to investigate the situation, and it would be inappropriate to comment further at this stage."
A spokesperson for the NCA added: "We are aware of a cyber incident affecting the Legal Aid Agency. NCA officers are working alongside partners in the NCSC and MoJ to better understand the incident and support the department."
The LAA, which is headquartered in London and employs approximately 1,250 staff across various locations in England and Wales, expressed regret over the breach.
In the letter, the agency said: "This incident is being investigated in accordance with our data security processes, and action has been taken to mitigate the incident. I would like to offer our sincere apologies for any concern this may cause you."
Cyberattacks on public and private sector organisations have become increasingly common, with law firms viewed as particularly high-value targets due to the volume of confidential client data and financial transactions they handle.
While the LAA breach appears unrelated, it follows a spate of recent cyberattacks on major UK retailers including Co-op, Harrods, and Marks & Spencer.
Marks & Spencer (M&S) suffered an attack last month that caused significant operational disruption, affecting online orders, contactless payment systems, and the company's Click & Collect service.
Similarly, Co-op implemented precautionary VPN access restrictions following a cyber incident that impacted its systems. On Friday, the retailer confirmed that the attackers had successfully stolen data belonging to a "significant number of our current and past members."
Luxury department store Harrods also took defensive action on Friday, 1st May, restricting internet access to its sites after threat actors attempted to infiltrate its network. Whilst a full breach has not yet been confirmed by Harrods, the move suggests an active response to a credible cyber threat.
In light of these escalating cyber threats, the UK's National Cyber Security Centre (NCSC) has issued guidance, strongly advising all UK organisations to bolster their cybersecurity defences. The NCSC has characterised these recent attacks as a critical "wake-up call" for all businesses operating in the UK.