Asked by: Pam Cox (Labour - Colchester)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, how many Prison Transfer Agreements are currently in place.
Answered by Jake Richards - Assistant Whip
The UK has Prisoner Transfer Agreements (PTAs) with over 110 countries. They allow for the transfer of Foreign National Offenders (FNOs) to their country of nationality to serve the remainder of their sentence, and the repatriation of British Citizens imprisoned overseas.
There are two types of PTA, compulsory meaning the FNO does not need to consent to transfer, and voluntary which means they do. In either case both countries must agree each transfer.
Asked by: Pam Cox (Labour - Colchester)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, how many prisons and Young Offender Institutions have (a) an ID and Banking Administrator and (b) an Employment Lead currently in post.
Answered by Jake Richards - Assistant Whip
Prison Employment Leads (PELs) and ID and Banking Administrators (IDBAs) were introduced to 93 prisons across the estate in 2022 and have been effective in supporting prisoners to prepare for their reintegration into the community since then. Whilst these roles are supported nationally, they are managed and recruited to locally, so numbers of vacancies are not held centrally.
Asked by: Pam Cox (Labour - Colchester)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, how many prisoners are participating in higher education courses.
Answered by Jake Richards - Assistant Whip
According to the Open University, as of 18 December 2025, there are 1,486 students who are currently in custody enrolled on Open University higher education programmes for the 2025/26 academic year, and a further 413 on licence in the community, totalling 1,899.
Additionally, some prisoners are taking level 4 courses, with 1,524 prisoners currently studying a course funded by the Prisoners’ Education Trust.
Asked by: Al Pinkerton (Liberal Democrat - Surrey Heath)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what steps his Department is taking to improve prisoner rehabilitation in (a) Surrey and (b) Surrey Heath constituency.
Answered by Jake Richards - Assistant Whip
HM Prison and Probation Service rehabilitation services take many forms, ranging from accredited programmes and interventions that are aimed at giving people skills to change their attitudes, thinking and behaviour, to enabling a person to access education, healthcare, substance misuse support, suitable accommodation, and the means to earn a living pro-socially.
Some rehabilitative activity is delivered in-house, and some via our partner organisations. We keep our work under constant review to ensure we are acting in line with the available evidence whilst also meeting the rehabilitative needs of the people we work with.
Asked by: Shaun Davies (Labour - Telford)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what assessment he has made of his Department's progress towards its target of increasing prison capacity.
Answered by Jake Richards - Assistant Whip
This Government inherited a prison system in collapse. We have taken decisive action to put prison capacity on a sustainable footing and end the cycle of repeated crises.
We have committed to the largest expansion of the estate since the Victorians, investing £7 billion in building prison places between 2024/25 and 2029/30. We are on track to deliver 14,000 new prison places by 2031 with c. 2,900 delivered already under this Government.
On top of this, we have introduced landmark sentencing reforms to end our prisons crisis – and deliver punishment that cuts crime. On 2 September we introduced the Sentencing Bill to take forward most of the recommendations made by David Gauke’s Independent Sentencing Review, as well as the measures that go further to manage offenders in the community. The House of Lords committee stage was concluded on 3 December.
Asked by: Vikki Slade (Liberal Democrat - Mid Dorset and North Poole)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, if he will make it his policy to review the status of people held on remand in custody for more than six months to determine whether they should be considered for conditional release.
Answered by Jake Richards - Assistant Whip
The decision to remand an individual in custody or to grant bail is solely a matter for the independent judiciary acting in accordance with the Bail Act 1976. With limited exceptions, the Bail Act creates a presumption in favour of bail for defendants involved in criminal proceedings. This recognises that a person should not be deprived of his/her liberty unless that is necessary for the protection of the public or the delivery of justice.
There is a well-established process that enables remanded prisoners to apply to the court for bail, and we have expanded the Bail Information Service over the last year to provide more support.
Asked by: Al Pinkerton (Liberal Democrat - Surrey Heath)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what assessment he has made of the potential impact of parole board hearings on victims and their families in Surrey Heath constituency.
Answered by Jake Richards - Assistant Whip
We recognise that parole hearings can be distressing for victims and their families, which is why dedicated Victim Liaison Officers provide support throughout the process. Victims can explain the effect of the offence, and the ongoing impact it has on them, through a Victim Personal Statement, which may be read aloud during the hearing. They can also request specific licence conditions are put forward for the Parole Board to consider applying if an offender is released.
Since April, we have made it possible for victims to apply to observe hearings if they wish, to help them understand how the Parole Board considers evidence and assesses risk. We understand how challenging this process can be and we want to ensure that victims and their families are given the support, information and opportunities they need to help them through it.
Asked by: Marie Rimmer (Labour - St Helens South and Whiston)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what types of personal and sensitive data were compromised in the April 2025 cyber attack on the Legal Aid Agency (LAA) including whether the breach included information on vulnerable individuals such as victims of domestic abuse and asylum seekers.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We take the security of people’s personal data extremely seriously.
Firstly, to ensure transparency about the cyber- attack and that we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice shortly after it became aware of the criminal cyber-attack at 08:15 on 19 May on GOV.UK
The notice provided information about the cyber-attack and directed concerned members of the public to the National Cyber Security Centre’s webpage, which contained information on how to protect against the impact of a data breach.
The Legal Aid Agency (LAA) also set up dedicated Customer Services support via a telephone line and email for providers and clients who had concerns regarding the data breach. We did not write to all clients, to all the addresses that we had, because some of those addresses would no longer be current, and that would potentially create another data breach in itself.
The published statement referred to above sets out information about who may have been impacted and the nature of the information which may have been accessed. As far as we are aware, no data has been shared or put out in the public domain. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
In the interests of security, we cannot confirm the method by which unauthorised access was gained to the LAA’s online digital systems or details about specific steps taken or measures implemented to protect LAA systems against any future cyber-attacks.
Security of the new systems has been paramount as we have rebuilt the LAA’s digital systems following the attack. The compromised digital portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). SiLAS has been designed and built in line with UK government and industry best practice for secure development. Security has been included from the ground up, including multi factor authentication, with independent testing activities to validate that the appropriate security controls are in place.
A dedicated team will monitor and update the service to ensure it evolves to remain resilient to emerging threats and is supported by a security operations capability. While no system can be entirely risk free, we are confident that we have taken the right steps to protect the service and its users.
Responsibility for disaster recovery planning for digital systems lies with Justice Digital rather than the LAA. Prior to the cyber- attack there was no digital disaster recovery plan in place. However, had we had a fully funded disaster recovery system, any immediate restoration would have simply restored the systems without resolving the vulnerabilities that enabled the cyber- attack to occur. Justice Digital now have a new Service Owner structure in place where clear Service Standards will be defined and monitored. This will include digital disaster recovery plans for each digital product.
Prior to the cyber- attack the LAA had in place prepared business continuity plans for business-critical processes and services to ensure that access to justice could be maintained in the event of a system outage. These plans were tried and tested, and we were confident that the measures would be effective for our initial response. These measures gave us sufficient time to design and implement longer term measures to meet the specific needs of the incident that were introduced in June 2025.
At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.
Our business continuity planning was effective in maintaining access to justice from the outset of the attack and the need to have longer term options in place is one of the lessons that we have taken from this incident.
A formal lessons learned approach will systematically analyse lessons from the Ministry of Justice’s and LAA’s preparation for and response to the cyber-attack. This work will cover pre-incident risk management and the response to the incident itself. This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.
Asked by: Marie Rimmer (Labour - St Helens South and Whiston)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, regarding the cyber attack in April 2025 on the Legal Aid Agency (LAA), other than the information on the LAA’s website, what steps have been taken to notify legal aid applicants that their confidential data has been accessed.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We take the security of people’s personal data extremely seriously.
Firstly, to ensure transparency about the cyber- attack and that we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice shortly after it became aware of the criminal cyber-attack at 08:15 on 19 May on GOV.UK
The notice provided information about the cyber-attack and directed concerned members of the public to the National Cyber Security Centre’s webpage, which contained information on how to protect against the impact of a data breach.
The Legal Aid Agency (LAA) also set up dedicated Customer Services support via a telephone line and email for providers and clients who had concerns regarding the data breach. We did not write to all clients, to all the addresses that we had, because some of those addresses would no longer be current, and that would potentially create another data breach in itself.
The published statement referred to above sets out information about who may have been impacted and the nature of the information which may have been accessed. As far as we are aware, no data has been shared or put out in the public domain. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
In the interests of security, we cannot confirm the method by which unauthorised access was gained to the LAA’s online digital systems or details about specific steps taken or measures implemented to protect LAA systems against any future cyber-attacks.
Security of the new systems has been paramount as we have rebuilt the LAA’s digital systems following the attack. The compromised digital portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). SiLAS has been designed and built in line with UK government and industry best practice for secure development. Security has been included from the ground up, including multi factor authentication, with independent testing activities to validate that the appropriate security controls are in place.
A dedicated team will monitor and update the service to ensure it evolves to remain resilient to emerging threats and is supported by a security operations capability. While no system can be entirely risk free, we are confident that we have taken the right steps to protect the service and its users.
Responsibility for disaster recovery planning for digital systems lies with Justice Digital rather than the LAA. Prior to the cyber- attack there was no digital disaster recovery plan in place. However, had we had a fully funded disaster recovery system, any immediate restoration would have simply restored the systems without resolving the vulnerabilities that enabled the cyber- attack to occur. Justice Digital now have a new Service Owner structure in place where clear Service Standards will be defined and monitored. This will include digital disaster recovery plans for each digital product.
Prior to the cyber- attack the LAA had in place prepared business continuity plans for business-critical processes and services to ensure that access to justice could be maintained in the event of a system outage. These plans were tried and tested, and we were confident that the measures would be effective for our initial response. These measures gave us sufficient time to design and implement longer term measures to meet the specific needs of the incident that were introduced in June 2025.
At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.
Our business continuity planning was effective in maintaining access to justice from the outset of the attack and the need to have longer term options in place is one of the lessons that we have taken from this incident.
A formal lessons learned approach will systematically analyse lessons from the Ministry of Justice’s and LAA’s preparation for and response to the cyber-attack. This work will cover pre-incident risk management and the response to the incident itself. This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.
Asked by: Marie Rimmer (Labour - St Helens South and Whiston)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, after the April 2025 data breach of the Legal Advice Agency, what specific steps have been taken, and what further measures are planned, to ensure that a similar security breach does not occur again.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We take the security of people’s personal data extremely seriously.
Firstly, to ensure transparency about the cyber- attack and that we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice shortly after it became aware of the criminal cyber-attack at 08:15 on 19 May on GOV.UK
The notice provided information about the cyber-attack and directed concerned members of the public to the National Cyber Security Centre’s webpage, which contained information on how to protect against the impact of a data breach.
The Legal Aid Agency (LAA) also set up dedicated Customer Services support via a telephone line and email for providers and clients who had concerns regarding the data breach. We did not write to all clients, to all the addresses that we had, because some of those addresses would no longer be current, and that would potentially create another data breach in itself.
The published statement referred to above sets out information about who may have been impacted and the nature of the information which may have been accessed. As far as we are aware, no data has been shared or put out in the public domain. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
In the interests of security, we cannot confirm the method by which unauthorised access was gained to the LAA’s online digital systems or details about specific steps taken or measures implemented to protect LAA systems against any future cyber-attacks.
Security of the new systems has been paramount as we have rebuilt the LAA’s digital systems following the attack. The compromised digital portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). SiLAS has been designed and built in line with UK government and industry best practice for secure development. Security has been included from the ground up, including multi factor authentication, with independent testing activities to validate that the appropriate security controls are in place.
A dedicated team will monitor and update the service to ensure it evolves to remain resilient to emerging threats and is supported by a security operations capability. While no system can be entirely risk free, we are confident that we have taken the right steps to protect the service and its users.
Responsibility for disaster recovery planning for digital systems lies with Justice Digital rather than the LAA. Prior to the cyber- attack there was no digital disaster recovery plan in place. However, had we had a fully funded disaster recovery system, any immediate restoration would have simply restored the systems without resolving the vulnerabilities that enabled the cyber- attack to occur. Justice Digital now have a new Service Owner structure in place where clear Service Standards will be defined and monitored. This will include digital disaster recovery plans for each digital product.
Prior to the cyber- attack the LAA had in place prepared business continuity plans for business-critical processes and services to ensure that access to justice could be maintained in the event of a system outage. These plans were tried and tested, and we were confident that the measures would be effective for our initial response. These measures gave us sufficient time to design and implement longer term measures to meet the specific needs of the incident that were introduced in June 2025.
At every stage, we have acted to protect public access to justice and to support providers in delivering legal aid. We have achieved this without affecting court backlogs or police station activity.
Our business continuity planning was effective in maintaining access to justice from the outset of the attack and the need to have longer term options in place is one of the lessons that we have taken from this incident.
A formal lessons learned approach will systematically analyse lessons from the Ministry of Justice’s and LAA’s preparation for and response to the cyber-attack. This work will cover pre-incident risk management and the response to the incident itself. This will inform future resilience planning, governance improvement and risk mitigation strategies across the Ministry of Justice and its agencies.