Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, whether the Legal Aid Agency informed the Information Commissioner’s Office of the April 2025 data breach within the required statutory timescale; what investigations have been launched by her Department or the ICO into the breach; and whether her Department plans to commission an independent review into the handling of the cyber-attack and the subsequent response by the Legal Aid Agency.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
To ensure we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice as swiftly as possible at 08:15 on 19 May on GOV.UK.
The statement provides information about the cyber-attack and directs concerned members of the public to the National Cyber Security Centre’s webpage, which contains information on how to protect against the impacts of a data breach. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
The published statement referred to above sets out information about who may have been impacted and the categories of data exfiltrated. It remains the case that there is no evidence to suggest that any of the data accessed has been published.
The recent data breach is the result of serious criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of long term underinvestment under the last Conservative Government. By contrast, since taking power this Government has prioritised work to reverse the damage of over a decade of under-investment. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services. This investment will make the system more robust and resilient in the face of similar cyber-attacks in future.
The Legal Aid Agency is complying with all legal and regulatory requirements arising from the cyber-attack. The current priority is the restoration of services and the prevention of future attacks. Once we can be assured that our legal aid services are operating properly and handling people’s data in a safe way, there will need to be a stocktake and an effort to learn lessons.
It is too early to comment on what remedial actions, if any, may be appropriate for impacted individuals, whether clients or providers.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what steps her Department and the Legal Aid Agency have taken to notify individuals whose personal data was compromised in the April 2025 cyber-attack; whether the Legal Aid Agency has notified affected people directly; and what criteria are being used by the Legal Aid Agency to determine which people are contacted following the breach.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
To ensure we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice as swiftly as possible at 08:15 on 19 May on GOV.UK.
The statement provides information about the cyber-attack and directs concerned members of the public to the National Cyber Security Centre’s webpage, which contains information on how to protect against the impacts of a data breach. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
The published statement referred to above sets out information about who may have been impacted and the categories of data exfiltrated. It remains the case that there is no evidence to suggest that any of the data accessed has been published.
The recent data breach is the result of serious criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of long term underinvestment under the last Conservative Government. By contrast, since taking power this Government has prioritised work to reverse the damage of over a decade of under-investment. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services. This investment will make the system more robust and resilient in the face of similar cyber-attacks in future.
The Legal Aid Agency is complying with all legal and regulatory requirements arising from the cyber-attack. The current priority is the restoration of services and the prevention of future attacks. Once we can be assured that our legal aid services are operating properly and handling people’s data in a safe way, there will need to be a stocktake and an effort to learn lessons.
It is too early to comment on what remedial actions, if any, may be appropriate for impacted individuals, whether clients or providers.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, how many people were impacted by the cyber-attack on the Legal Aid Agency’s IT systems on 23 April 2025; what categories of (a) personal and (b) sensitive data were (i) accessed and (ii) taken; and what security measures were in place to protect the data of Legal Aid applicants prior to the breach.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
To ensure we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice as swiftly as possible at 08:15 on 19 May on GOV.UK.
The statement provides information about the cyber-attack and directs concerned members of the public to the National Cyber Security Centre’s webpage, which contains information on how to protect against the impacts of a data breach. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
The published statement referred to above sets out information about who may have been impacted and the categories of data exfiltrated. It remains the case that there is no evidence to suggest that any of the data accessed has been published.
The recent data breach is the result of serious criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of long term underinvestment under the last Conservative Government. By contrast, since taking power this Government has prioritised work to reverse the damage of over a decade of under-investment. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services. This investment will make the system more robust and resilient in the face of similar cyber-attacks in future.
The Legal Aid Agency is complying with all legal and regulatory requirements arising from the cyber-attack. The current priority is the restoration of services and the prevention of future attacks. Once we can be assured that our legal aid services are operating properly and handling people’s data in a safe way, there will need to be a stocktake and an effort to learn lessons.
It is too early to comment on what remedial actions, if any, may be appropriate for impacted individuals, whether clients or providers.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what support is being provided by (a) the Legal Aid Agency and (b) her Department to people whose data was compromised in the April 2025 cyber-attack; and whether those affected have been offered access to (i) credit monitoring, (ii) identity protection services and (iii) any other assistance.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
To ensure we reached as many potentially impacted individuals as possible, the Ministry of Justice published a notice as swiftly as possible at 08:15 on 19 May on GOV.UK.
The statement provides information about the cyber-attack and directs concerned members of the public to the National Cyber Security Centre’s webpage, which contains information on how to protect against the impacts of a data breach. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
The published statement referred to above sets out information about who may have been impacted and the categories of data exfiltrated. It remains the case that there is no evidence to suggest that any of the data accessed has been published.
The recent data breach is the result of serious criminal activity, but it was enabled by the fragility of the LAA’s IT systems as a result of long term underinvestment under the last Conservative Government. By contrast, since taking power this Government has prioritised work to reverse the damage of over a decade of under-investment. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services. This investment will make the system more robust and resilient in the face of similar cyber-attacks in future.
The Legal Aid Agency is complying with all legal and regulatory requirements arising from the cyber-attack. The current priority is the restoration of services and the prevention of future attacks. Once we can be assured that our legal aid services are operating properly and handling people’s data in a safe way, there will need to be a stocktake and an effort to learn lessons.
It is too early to comment on what remedial actions, if any, may be appropriate for impacted individuals, whether clients or providers.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, whether her Department plans to introduce a panel of independent experts to review IPP cases to advise on resentencing.
Answered by Nicholas Dakin - Vice Chamberlain (HM Household) (Whip, House of Commons)
It is right that IPP Sentences were abolished.
The Government is determined to make progress towards safe and sustainable releases for those serving the IPP sentence, but not in a way that undermines public protection. Public protection will always be the top priority.
Resentencing through legislation to give every IPP prisoner a definite release date and post-release licence would result in offenders who are in custody being released irrespective of their remaining risk. This would be the case even where the independent Parole Board had determined, in many cases repeatedly, that they are too dangerous to be released. This would pose an unacceptable level of risk to victims and the public. For that reason, we are firmly of the view that those serving the IPP sentence in prison must satisfy the statutory release test before they are released.
The Justice Committee and various organisations have considered resentencing. None have identified an approach that would not involve too great a risk to the public. The Government also does not wish to give false hope to those serving the sentence by establishing an expert panel.
We do not therefore intend to undertake a resentencing exercise or set up an expert panel to advise on resentencing.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what steps her Department is taking to ensure that children's voices are included in family court cases.
Answered by Alex Davies-Jones - Parliamentary Under-Secretary (Ministry of Justice)
When deciding an issue relating to the upbringing of a child, the child’s welfare must be the court’s paramount consideration. The court must have regard for the wishes and feelings of the child, considered in light of the child’s age and level of understanding.
In most proceedings relating to a child, Cafcass or Cafcass Cymru will engage with children to establish their wishes and communicate these to the court. Cafcass and Cafcass Cymru social workers use various methods to ensure children can make their feelings and wishes clear to the court in their own words and will also submit their own professional analysis to the court.
We are implementing reforms to improve the family court experience for all users, including children. This includes the expansion of the Pathfinder pilot, which seeks to enhance the voice of the child and better support survivors of domestic abuse. The pilot launched in courts in Dorset and North Wales in 2022, expanded to Southwest Wales and Birmingham in 2024 and to Mid-West Wales on 3 March. Pathfinder will next launch in West Yorkshire on 3 June and this Government is committed to further expansion between April 2025 and March 2026.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, whether their Department offers (a) paid time off work and (b) other support to employees who become kinship carers.
Answered by Alex Davies-Jones - Parliamentary Under-Secretary (Ministry of Justice)
The Ministry of Justice offers paid time off work, in the form of special leave, for kinship carers who have parental responsibility.
Special leave may be granted to employees who need time off work to attend to their caring responsibilities. It may be planned or unplanned, and paid or unpaid. Employees may request special leave for several reasons including:
where normal care arrangements break down and other arrangements must be made.
to care for a sick or injured child if no other arrangements can be made.
At the discretion of a manager, special leave may be granted for other personal reasons not mentioned above.
Kinship carers with parental responsibility also have a statutory entitlement to unpaid parental leave.
All Ministry of Justice employees who are kinship carers have access to:
a comprehensive flexible working policy which all employees can access via the intranet.
the employee assistance programme which offers a wide range of support to staff including confidential advice on personal, social or work-related problems.
a variety of staff networks aimed at people with caring responsibilities.