In April 2025, a cyber attack on the Legal Aid Agency (LAA) compromised a substantial amount of personal data, including criminal records of applicants dating back to 2010, as reported by the Ministry of Justice (MoJ).

In response to the breach, the LAA has taken its online services offline to protect users and has implemented contingency plans to ensure continued access to legal support.

CEO Jane Harbottle expressed regret over the incident and stated that the agency is working with the National Cyber Security Centre to enhance security measures.

Affected clients are being notified and provided guidance on monitoring their financial and legal accounts for any suspicious activity.

Users are advised to remain vigilant against unsolicited communications, particularly phishing scams that may exploit the recent cyber attack.

Cybersecurity expert Jake Moore emphasized the necessity for public bodies to invest in robust cyber defenses and maintain transparency during crises to uphold trust.

Richard Atkinson, president of the Law Society of England and Wales, called for urgent updates to the LAA's outdated IT system to restore public confidence in the justice system.

The breach not only exposed sensitive personal information but also hindered necessary reforms, affecting updates to legal aid eligibility and financial support for legal firms.

Following the attack, the LAA has enhanced its system security and informed legal aid providers about the potential data breach.

The UK public sector has seen a rise in cyberattacks, with nearly 41% of organizations reporting data breaches in the past year, highlighting a growing trend in vulnerabilities.

The MoJ has advised anyone who applied for legal aid since 2010 to be vigilant for suspicious communications and to update potentially compromised passwords.

An MoJ source attributed the breach to years of neglect and mismanagement by the previous government, pointing out known vulnerabilities in the LAA's digital systems.