The UK Ministry of Justice shuts down legal aid online services after a cyberattack exposed sensitive data, including criminal records and financial information.
 |
| Following a significant cyber breach, Britain’s Ministry of Justice suspended its Legal Aid Agency’s online services, citing exposed data spanning 15 years. Image: CH |
London, UK – May 20, 2025
Britain’s Ministry of Justice has confirmed a significant cyberattack that forced the shutdown of online services managed by the Legal Aid Agency, affecting both legal aid recipients and the lawyers representing them. The breach, which came to light on April 23 but was found to be far more severe on May 17, compromised highly sensitive personal data, including national insurance numbers, criminal records, payment information, and other private details.
“This news will be shocking and upsetting for people, and I am extremely sorry this has happened,” said Jane Harbottle, Chief Executive of the Legal Aid Agency. “We needed to take radical action to safeguard the service and its users. That is why we’ve decided to take the online service down.”
The agency, which provides legal support to individuals unable to afford legal representation, operates a digital portal where legal professionals log their work to receive payments. Following the breach, these services were suspended indefinitely.
According to the Ministry, a "significant amount of personal data" dating back 15 years was exposed. The compromised information reportedly includes applicants' home addresses, birth dates, employment status, financial details, and past criminal history.
Hackers behind the breach claimed to have accessed 2.1 million records, though officials have not confirmed the accuracy of that figure. The National Crime Agency and the National Cyber Security Centre are currently investigating the breach alongside the Justice Ministry.
Richard Atkinson, President of the Law Society of England and Wales, criticized the state of the agency’s outdated IT infrastructure. “The fragility of the IT system has prevented vital reforms,” Atkinson said, highlighting delays in updating the means test and issues with payments to legal firms. “If it is now also proving vulnerable to cyberattack, further delay is untenable.”
The government has not yet provided a timeline for restoring the affected systems or detailed the full scope of the breach. However, the incident has renewed scrutiny of cybersecurity practices within the UK’s public sector, particularly in critical services like legal aid.