- Simplifying Zero Trust: How Cisco Security Suites Drive Value
- Mounting GenAI Cyber Risks Spur Investment in AI Security
- From Challenges to Strengths: A Journey of Resilience and Growth at Cisco
- China takes edge computing to orbit with first space-based processing network
- 6 hidden Android features that make my life easier - and that you're overlooking
Legal Aid Agency Admits Major Breach of Applicant Data
An April breach at the UK’s Legal Aid Agency resulted in the theft of a large volume of personal information belonging to applicants, including criminal records, the Ministry of Justice (MoJ) has admitted.
The agency, which provides citizens with access to vital civil and criminal legal services, first became aware of the attack on April 23. However, on Friday it discovered the extent of the breach was much greater than at first thought and has temporarily shut down its online services.
“We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010,” it admitted.
“This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.”
Read more on Ministry of Justice breaches: UK Government Laptop Losses Soar 400%
That data could be useful for fraudsters looking to impersonate the agency in follow-on phishing attempts designed to steal more financial and personal information, or those seeking to commit identity fraud.
As a result, the agency is urging legal aid applicants since 2010 to be on the lookout for suspicious text messages, phone calls and emails, and to update any passwords. It added that users should independently verify the identity of anyone they’re communicating with over the phone or online before divulging any information.
Legal Aid Agency CEO, Jane Harbottle, apologized to those affected, admitting that it would be “shocking and upsetting” to victims.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency,” she added.
“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down. We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.”
The Ministry of Justice has a patchy track record when it comes to cybersecurity. A 2020 report claimed it had suffered 17 serious data breaches the preceding year, impacting over 120,000 people including staff.
