Question to the Ministry of Justice:

To ask His Majesty's Government what assessment they have made of the impact of the breach of security which allowed data to be stolen from the Legal Aid Agency, and what action they are taking to mitigate the damage which could ensue.

On Wednesday 23 April, the department became aware of a cyber-attack on the Legal Aid Agency’s online digital services.

In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised.

Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency, as well as informing the Information Commissioner.

On Friday 16 May we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants. It became clear that to safeguard the service and its users, we needed to take the online service down.

We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.

The Ministry of Justice published a statement at 08:15 on the 19 May on GOV.UK. The statement provides information about the cyber attack and directs concerned members of the public to the National Cyber Security Centre’s webpage.

This data breach is the result of heinous criminal activity, but it was made possible by the long years of neglect and mismanagement of the justice system under the last Conservative Government. They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act. By contrast, since taking office, this Government have prioritised work to reverse the damage of over a decade of under-investment. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services. This investment will make the system more robust and resilient in the face of similar cyber-attacks in future.

The Legal Aid Agency launched a dedicated helpline on 27 May for members of the public who are concerned they may have been affected by the data breach.

To ensure that legal aid providers have the latest position with respect to legal aid applications and billing contingencies, and that affected parties can access the latest developments on the incident, the Legal Aid Agency has created a dedicated space with contingencies and useful resources: https://www.gov.uk/guidance/legal-aid-agency-cyber-security-incident.