A family legal aid lawyer has questioned the priorities of government as legal practitioners continue to deal with the fall-out from the Legal Aid Agency (LAA) cyber attack last May.
Stacey Phoenix, director and head of family law at Cygnet Law in Redcar, made the comments as she highlighted the growing number of ‘no win, no fee’ ads appearing on social media targeting clients who were affected by the breach, while family lawyers continue to shoulder the costs.
“As a family legal aid lawyer, it’s hard not to feel a growing sense of frustration seeing these ads start to appear across social media,” Phoenix wrote in a post on LinkedIn.
“Since the cyber-attack on the Legal Aid Agency, there has been remarkably little public acknowledgment of the scale of the issue, minimal meaningful support for providers, and prolonged uncertainty for firms trying to continue delivering frontline services to vulnerable clients.
“We’ve had: months of disruption and risk shouldered by firms; a new system that is only just becoming operational; ongoing administrative burdens absorbed by already stretched practices.
“And now, before the dust has even settled, we’re told contingency payments must be repaid.
“Yet at the same time, claim management adverts are circulating telling applicants ‘don’t worry – you may have a claim’. The contrast is stark.”
In December, courts minister Sarah Sackman acknowledged there was no digital disaster recovery plan in place prior to the cyber attack, but said the LAA had prepared business continuity plans for business-critical processes and services to ensure access to justice could be maintained in the event of a system outage.
“These plans were tried and tested, and we were confident that the measures would be effective for our initial response,” the minister said.
She added:
“At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.”
But Phoenix says eight months on from the attack, legal aid firms “are expected to carry the operational, financial and reputational risk of a major data breach with limited transparency and limited assistance – while others move swiftly to monetise the consequences.”
“This isn’t about denying individuals access to remedies where harm has genuinely occurred,” she stressed.
“It is about questioning priorities, accountability, and the lack of visible support for the providers who kept the system going through the disruption.
“Legal aid work survives on commitment, not margin. That commitment deserves better.”
Sackville said a formal ‘lessons learned’ approach will systematically analyse lessons from the Ministry of Justice and LAA’s preparation for, and response to, the cyber attack.
“This work will cover pre-incident risk management and the response to the incident itself,” the minister said.
“This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.”
