The Ministry of Justice has confirmed that online systems used by the Legal Aid Agency have been taken offline following a cyberattack that exposed a substantial amount of personal information, including criminal records, national insurance numbers and payment details.
The Ministry said it first became aware of the breach on April 23 but only realised the full extent of the compromise on Friday. The attack has affected services used by legal aid recipients and the lawyers who represent them, prompting the agency to shut down its digital platform as a precaution.
Jane Harbottle, chief executive of the Legal Aid Agency, said the decision to suspend services was necessary to protect users. She acknowledged the disruption the breach would cause and said the action was taken to safeguard both the system and the people who rely on it.
Although the government did not confirm the scale of the breach, hackers have claimed to have accessed 2.1 million records. The exposed data reportedly includes information dating back 15 years, covering applicants’ addresses, birth dates, employment and financial status, as well as details of criminal history.
The Legal Aid Agency provides legal assistance in civil and criminal cases to individuals who cannot afford legal representation. Its online portal is used by providers to log completed work in order to receive payment.
The National Crime Agency and the National Cyber Security Centre are working with the Ministry to investigate the breach and provide support in mitigating its impact.
Richard Atkinson, president of the Law Society of England and Wales, said the incident highlighted longstanding concerns about the agency’s IT infrastructure. He noted that the fragility of the system had already hindered key reforms, including changes to the means test and interim payments to firms affected by court delays. Atkinson said the additional exposure to cyber threats made further delay in addressing IT issues unsustainable.
The incident reflects wider concerns about cyber risk across UK institutions, including the insurance industry, where both insurers and policyholders have faced growing exposure to digital threats. The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have, in recent years, increased their scrutiny of operational resilience in the sector, identifying cyber incidents as a key risk to market stability.
Insurers have not only become targets themselves but also play a central role in underwriting cyber risk across the economy. The rise in claims frequency and severity has prompted some insurers to reassess coverage limits, tighten policy terms, and invest in cyber underwriting capabilities.
Cyber insurance remains a developing market in the UK, with uptake growing among businesses in response to a string of high-profile attacks. However, coverage gaps and the evolving nature of threats continue to pose challenges for both insurers and their clients.
Industry bodies, including the Association of British Insurers (ABI), have called for more coordinated action on cyber resilience, including clearer regulatory expectations, improved information sharing, and investment in digital infrastructure.
