Legal Aid Agency experiences severe personal data breach
19/05/2025 | The Guardian
The Legal Aid Agency (LAA) for England and Wales has suspended its online service following a cyberattack that resulted in hackers accessing the personal data of hundreds of thousands of legal aid applicants dating back to 2010.
In a statement released on Monday, the Ministry of Justice (MoJ) announced that it was alerted to the hack on 23 April and took immediate action. However, by Friday, 16 May, the MoJ discovered the breach was more extensive than initially believed, with the attackers obtaining "a large amount of information relating to legal aid applicants."
According to the statement, the compromised data may include applicant contact details, addresses, dates of birth, national ID numbers, criminal histories, employment status, and financial information.
The MoJ confirmed that it is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC), and has informed the Information Commissioner's Office (ICO).
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.