Pierluigi Paganini May 20, 2025

The UK’s Legal Aid Agency suffered a cyberattack in April and has now confirmed that sensitive data was stolen during the incident.

The Legal Aid Agency (LAA) revealed that it had suffered a cyberattack on its systems on April 23. 

The Legal Aid Agency (LAA), part of the UK Ministry of Justice, ensures access to justice by funding civil and criminal legal cases for those who can’t afford representation. It manages payments to legal professionals and supports vulnerable individuals, including asylum seekers and people in family or criminal cases.

Following the cyberattack, the UK Legal Aid Agency acted swiftly to enhance system security and notified legal aid providers of a possible data breach. The Agency investigated the security breach with the help of the National Crime Agency and National Cyber Security Centre. On May 16, it was revealed that the breach was more extensive than initially believed, with hackers accessing and downloading sensitive personal data of legal aid applicants dating back to 2010. The agencies notified the authorities.

“On Friday 16 May we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.” reads the update published by the agency. “We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.”

Downloaded data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.

“I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.

Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.” Jane Harbottle, Chief Executive Officer of the Legal Aid Agency, said. “However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.

We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.”

The UK Legal Aid Agency has joined a growing list of high-profile victims in a recent surge of cyberattacks. Harrods, Marks & Spencer, and the Co-op were also targeted, facing system disruptions, financial losses, and operational setbacks.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)