If you are ever unfortunate enough to need legal advice after being charged with a crime, and you can’t afford to pay for a lawyer, you will probably end up turning to the Legal Aid Agency (LAA). I’m familiar with the system. When I was charged with fraud in 2018 I applied for legal aid.
When you apply, the LAA asks you for a great deal of information, including your national ID numbers, criminal record, employment status, financial information and even any debts you have and regular payments you make. In the wrong hands this data could be used for identity theft and potentially blackmail.
In the wrong hands this data could be used for identity theft and potentially blackmail
This makes today’s news that the agency suffered a significant cyber attack in April deeply concerning. The attackers targeted the LAA’s online digital services platform, used by legal aid lawyers to log their work and receive payments. After the initial attack, the LAA ‘informed all legal aid providers that some of their details, including financial information may have been compromised’.
That was bad enough, but then on Friday the LAA discovered ‘the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.’ I understand the LAA is not currently certain exactly what data has been taken, but that the thieves are claiming to have around 2.1 million items of data.
The Ministry of Justice is taking this seriously. They’ve advised every single person who has applied for legal aid since 2010 to ‘take steps to safeguard themselves’. I am one of those people, but other than changing my passwords, it’s unclear what else we can do, given our most private information has been compromised.
At this stage we don’t know if any ransom demand has been sent to the LAA for the information. The National Crime Agency are investigating and the National Cyber Security Centre have been informed, as has the Information Commissioner. An investigation will no doubt determine how the thieves were able to access so much data. In the meantime the LAA online platform has been taken down. It’s unclear what this will mean for court backlogs, but manually processing hundreds of thousands of claims will probably be less efficient.
Jane Harbottle, the Chief Executive Officer of the LAA has said ‘I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened… we have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.’
This is unlikely to be enough for victims. People who have suffered from a data breach are entitled to compensation, and the bill for this may be significant.If around two million people have had their private data stolen, then each might expect significant compensation, meaning that a substantial bill is on the way for the government. It’s clear the government desperately needs to get a grip on its IT security.
Comments