There are unverified reports of up to 2.1m people’s records being accessed by the group responsible for the Legal Aid Agency (LAA) cyber attack confirmed last week. Those affected are thought to be people who have applied for legal aid in the last 15 years, with personal details including contact details, addresses, national insurance number, employment status and financial data accessed.
The government have confirmed it became aware of the incident on 23rd April, but the full extent of the breach is now coming to light.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency,”
said LAA chief executive Jane Harbottle. She apologised the breach and added the agency had taken ‘radical action’ and taken the online service offline with contingency plans in place those needing access.
Law Society of England and Wales president Richard Atkinson said the situation was ‘extremely concerning’ calling on the LAA to ‘get a grip on the situation immediately.’
“The incident once again demonstrates the need for sustained investment to bring the LAA’s antiquated IT system up to date and ensure the public have continued trust in the justice system. The fragility of the IT system has prevented vital reforms, including updates to the means test that could help millions more access legal aid, and interim payments for firms whose cashflow is being decimated by the backlogs in the courts, through no fault of their own. If it is now also proving vulnerable to cyber-attack, further delay is untenable.”
“Legal aid firms are small businesses providing an important public service and are operating on the margins of financial viability. Given that vulnerability, these financial security concerns are the last thing they need.”
Writing to members Resolution have advised firms to use the contingences the LAA has set out for applications and billings and to contact the LAA customer services team if they cannot use delegated functions and/or have an imminent court hearing, In any event, staff are advised if they have used their LAA online portal password elsewhere to update it in all locations.
The Ministry of Justice has urged anyone who applied for legal aid since 2010 to update any passwords that could have been exposed, and be alert to unknown messages and phone calls.
