Personal information stolen in Legal Aid hack
Erin Bradbury - 26 May 2025
It's been a busy few weeks in cybersecurity: all sorts of businesses have faced recent cyberattacks, including Co-op, M&S, Harrods and the Ministry of Justice. To put it into perspective, more than four in ten businesses and three in ten charities have reported cybersecurity breaches in the last year, according to government statistics. The Legal Aid Agency was subject to an attack in April, and it's estimated that hackers have accessed 2.1 million pieces of data. The personal data of hundreds of thousands of applicants dating back to 2010 has reportedly been downloaded, including addresses, contact details, national ID numbers, employment, financial data and criminal history. What’s more, since legal aid is offered to those who need help covering the costs of legal advice and representation in court or tribunal, defendants and people at risk of abuse, serious harm or discrimination may have had their personal information compromised. This information could not only put them at risk, but fraudsters can use this data to steal identities or scam victims.
There are various forms of cyberattacks, including but not limited to spyware, viruses, get-rich quick ransomware and disruptive hacking, all of which can cause monetary and reputational damage to organisations and put their users at further risk. So, where does the law come into play? To put it simply, the Computer Misuse Act 1990 is the main structure relating to offences or attacks against computer systems (such as hacking or denial of service),even though it interestingly leaves room for technological development as it does not provide a strict definition of ‘computer’.Other legislation such as the Fraud Act 2006, which addresses dishonesty and deception, can also come into play when considering offences. Lawyers in the space have certainly been kept busy, advising clients on their technology and database information protection while keeping up with regulations and any potential impacts on businesses.