The UK’s Legal Aid Agency revealed on Monday that it was recently targeted in a cyberattack that resulted in a data breach involving sensitive information.
The Legal Aid Agency (LAA), which is part of the UK’s Ministry of Justice, provides criminal and civil legal aid and advice to people in England and Wales.
LAA and the Ministry of Justice said on Monday that they became aware of a cyberattack on LAA systems on April 23.
An investigation conducted with the aid of the National Crime Agency and National Cyber Security Centre revealed on May 16 that the intrusion was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants”.
The investigation showed that the hackers stole a “significant amount of personal data” belonging to individuals who applied for legal aid online since 2010.
The compromised data includes applicants’ contact details and addresses, dates of birth, national ID numbers, criminal history, and employment status, as well as financial information such as contribution amounts, payments, and debts.
News outlets in the UK reported that unnamed hackers claimed to have stolen 2.1 million records, but the figure has not been confirmed by the government.
Jane Harbottle, CEO of the Legal Aid Agency, said work is being done to enhance security. “Radical action” is being taken, which is why the agency decided to shut down the impacted online service.
“We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time,” Harbottle said.
Related: 480,000 Catholic Health Patients Impacted by Serviceaide Data Leak
Related: 200,000 Harbin Clinic Patients Impacted by NRS Data Breach
Related: Canadian Electric Utility Lists Customer Information Stolen by Hackers
Related: Australian Human Rights Commission Discloses Data Breach