Hackers breach UK Ministry of Justice, steal personal data

Hackers have accessed and stolen a large volume of personal information from the UK’s Ministry of Justice in yet another major cyber-attack.

According to the Ministry, the breach occurred in April and targeted data belonging to individuals who have applied to the Legal Aid Agency since 2010.

The compromised information includes sensitive details, such as criminal records, which were reportedly accessed and downloaded during the attack.

The group behind the cyber-attack claims to have accessed 2.1 million records, though the Ministry of Justice has yet to confirm the exact scale of the breach.

Authorities were first alerted to suspicious activity on the Legal Aid Agency’s digital systems on April 23.

However, it wasn’t until Friday that the extent of the intrusion became clear.

The compromised data may include names, contact information, addresses, dates of birth, national insurance numbers, criminal records, employment details, and financial information such as debt levels, payments, and contributions.

The Legal Aid Agency’s digital services—used by legal aid providers to record their work and process payments—have been taken offline following the breach.

A source within the Ministry of Justice has blamed the data breach on years of “neglect and mismanagement” by the previous government, claiming known vulnerabilities in the Legal Aid Agency’s systems were ignored for far too long.

"They were aware of the weaknesses in the digital infrastructure but failed to take action," the source said.

In response to the breach, the MoJ is urging anyone who has applied for legal aid since 2010 to remain vigilant against suspicious messages or calls and to update any passwords that may have been compromised.

The ministry has notified the Information Commissioner and is working closely with the National Crime Agency and the National Cyber Security Centre to investigate the breach and mitigate its impact.

Legal Aid Agency chief executive Jane Harbottle has issued an apology to those affected.

Legal Aid Agency chief executive Jane Harbottle expressed deep regret over the breach, acknowledging the distress it may cause those affected.

"I understand this news will be shocking and upsetting for people, and I am extremely sorry this has happened," she said.

Since discovering the attack, her team has been working nonstop with the National Cyber Security Centre to strengthen system security and ensure the agency’s critical work can continue safely.

However, Harbottle explained that to protect both the service and its users, it was necessary to take drastic measures, including temporarily shutting down the online service.

She reassured the public that contingency plans are in place to guarantee ongoing access to legal support and advice during this period.

The Ministry of Justice revealed it first detected the cyber-attack on the Legal Aid Agency’s digital services on April 23, but only realized the full extent of the breach on May 16.

An MoJ spokesperson said, "We believe the group has accessed and downloaded a significant amount of personal data from individuals who applied for legal aid through our digital service since 2010. This may include contact details, addresses, dates of birth, national ID numbers, criminal history, employment status, and financial information such as contributions, debts, and payments."

The ministry is urging anyone who applied for legal aid during this period to remain vigilant against suspicious communications like unknown calls or messages and to update any passwords that might have been compromised.

They further advise that if there is any doubt about the identity of someone contacting you online or by phone, always verify their credentials independently before sharing any information.