Legal aid data breach
Government agency discloses cyber-attack
The Ministry of Justice has just issued a disturbing news release. It says:
On Wednesday 23 April, we became aware of a cyber-attack on the Legal Aid Agency’s online digital services.
These are the services through which legal aid providers log their work and receive payment from the Government.
In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised.
Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner.
On Friday 16 May we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.
We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.
This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
We would urge all members of the public who have applied for legal aid in this time period to take steps to safeguard themselves. We would recommend you are alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords. If you are in doubt about anyone you are communicating with online or over the phone you should verify their identity independently before providing any information to them.
Jane Harbottle, Chief Executive Officer of the Legal Aid Agency, said:
“I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.
“We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.
“I am incredibly grateful to legal aid providers for their patience and cooperation at a deeply challenging time.
“We will provide further updates shortly.”
Further information on how to protect yourself from the impact of a data breach can be found on the NCSC website.
I extend my deepest sympathy to all embroiled in this - for me- frightening hazard of AI. I, naturally, feel for my former colleagues who now have YET ANOTHER hurdle to traverse BEFORE even STARTING on any legal application. But what of, especially, the clients who now have yet another quality of life diminishing anxiety on their hands. There must in particular be those engaged in this new struggle-both lay and professionals- who have like me been innumerate all my life. It is strange, is it not, that MUCH understanding tends to be extended to those who are illiterate or who battle against semi-literacy, whilst a shrug of the shoulders appears a sufficient acknowledge for the very many hobbled by “number blindness”? I had as it happens a legal executive who was able for many years to plaster over that particular crack and I remain grateful to him to this day. All the same, towards the end of my 47 (sic) of my (actually) successful practice as Solicitor/Advocate by the time I had been able to totter to my feet and DO THE JOB I was often close to exhaustion from the process of legal aid process beforehand and justifying every penny claimed afterwards.I doubt anyone would have ever called me semi-literate or lost for words, but there you have it. Peter Sommer has a good point and I have to say that I almost always found Judges -if of the Bar- ignorant of and airily indifferent to legal aid complexities when adjournments had needed to be sought- usually for the financial eligibility limb should the client be on anything more or other than rock bottom benefit. Happy days? Well, yes- but ever more exhausting for the WRONG reasons.
Cyber-attacks like this one and those affecting retailers recently seem to me to to an indication of complacency or of cost-cutting and so-called ‘efficiency’ on the part of the data controllers. Insufficient attention is being paid to security