UK Legal Aid Agency probes potential data breach after cybersecurity incident

The Legal Aid Agency (LAA), a critical executive agency of the UK’s Ministry of Justice responsible for overseeing billions in legal funding, has alerted law firms to a significant cybersecurity incident.

The agency has warned that the attackers may have gained access to sensitive financial information, prompting a high-level investigation.

The LAA contracts with approximately 2,000 providers, including barristers, solicitor firms, and non-profit organizations to deliver civil and criminal legal aid services across England and Wales.

The agency also employs around 1,250 staff and manages the nation’s Public Defender Service.

In a letter dispatched to legal aid providers, the LAA conceded that it “cannot confirm if any data was accessed,” but acknowledged the inherent “risk that legal aid providers’ payment information might have been compromised.”

Sky News was the first to report on this communication.

The agency sought to reassure its partners, stating, “This incident is being investigated in accordance with our data security processes, and action has been taken to mitigate the incident.”

The letter further states that the LAA is committed to data protection.

“The LAA takes the security of the information we hold seriously, and we understand the potential impact any breach can have on you,” it says.

National law enforcement and cybersecurity bodies are investigating the incident.

The UK National Crime Agency (NCA) confirmed that it was actively “working closely with the MoJ and the UK’s National Cyber Security Centre to probe the incident and support LAA’s ongoing investigation.”

An NCA spokesperson said, “We are aware of a cyber incident affecting the Legal Aid Agency. NCA officers are working alongside partners in the National Cyber Security Centre and MoJ to better understand the incident and support the department.”

This security scare at a government agency surfaces amidst a spate of high-profile cyberattacks targeting major UK retailers.

The DragonForce ransomware operation has reportedly claimed responsibility for disrupting the Co-op, Harrods, and Marks & Spencer (M&S).

Harrods said in a statement last week: “We recently experienced attempts to gain unauthorised access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”

Marks & Spencer has also been severely impacted by a cyber attack disclosed last month, with customers still unable to place online orders and reports of empty shelves in some stores. Police have launched an investigation into the M&S breach.

Co-op also announced last week that it had shut down parts of its IT systems after detecting hackers attempting to gain access. Internal communications revealed Co-op staff are now required to keep cameras on during remote meetings and verify all participants, suggesting concerns that hackers may be monitoring company calls.