Hackers have stolen a ‘significant amount of personal data’ from the Ministry of Justice (MoJ).
The personal data of people who applied to the Legal Aid Agency since 2010, including criminal records, was accessed and downloaded in a cyber attack in April this year, the MoJ has said.
The group that carried out the attack has claimed it accessed 2.1 million pieces of data but the MoJ has not verified that figure, it is understood.
The Government became aware of a cyber attack on the Legal Aid Agency’s online digital services on April 23, but realised on Friday that it was more extensive than originally thought.
The data accessed may include contact details and addresses of legal aid applicants, their dates of birth, national insurance numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
The LAA’s online digital services, which are used by legal aid providers to log their work and get paid by the Government, have been taken offline.
An MoJ source put the breach down to the ‘neglect and mismanagement’ of the previous government, saying vulnerabilities in the Legal Aid Agency systems have been known for many years.
Hackers have stolen a ‘significant amount of personal data’ from the Ministry of Justice (MoJ) in the yet another cyber-attack (Pictured: Ministry of Justice building)
The personal data of people who applied to the Legal Aid Agency since 2010, including criminal records, was accessed and downloaded in a cyber attack in April this year, the MoJ has said (Pictured: Ministry of Justice building)
‘This data breach was made possible by the long years of neglect and mismanagement of the justice system under the last government.
‘They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act,’ the source said.
The MoJ is urging anyone who has applied for legal aid since 2010 to be alert for unknown messages and phone calls and to update any passwords that could have been exposed.
The ministry has been working with the National Crime Agency and the National Cyber Security Centre, and has informed the Information Commissioner.
Legal Aid Agency chief executive Jane Harbottle apologised for the breach.
‘I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.
‘Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
‘However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down,’ she said.
Ms Harbottle said contingency plans are in place to make sure those in need of legal support and advice can continue to access it.
Customer data was stolen from Marks & Spencer after a gang of hackers, believed to be the from the Scattered Spider group, got into the retailer’s IT systems via a contractor in April
Empty shelves inside an Marks & Spencer store in Paddington, London, on April 29
Stock availability across stores is expected to return to normal this week
The Ministry of Justice said it became aware of a cyber-attack on the Legal Aid Agency’s online digital services on April 23 and then became aware the incident was ‘more extensive than originally understood’ on May 16.
An MoJ spokesperson said: ‘We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.
‘This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
‘We would urge all members of the public who have applied for legal aid in this time period to take steps to safeguard themselves. We would recommend you are alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords.
‘If you are in doubt about anyone you are communicating with online or over the phone you should verify their identity independently before providing any information to them.’
A National Crime Agency spokesman said: ‘We are aware of a cyber incident affecting the Legal Aid Agency.
‘NCA officers are working alongside partners in the National Cyber Security Centre and MoJ to better understand the incident and support the department.’
Co-op was hit by a similar attack just days later when cyber crooks infiltrated their IT networks, apparently trying to extort money from the chain
It is understood Co-op quickly pulled the plug on its computer system not long after receiving advice from M&S
It is the latest in a wave of cyber-attacks to hit the UK with the likes of M&S, Co-op, Harrods and Dior targeted in the last two months.
It is believed hacking group Scattered Spider attempted to upload malicious software using the cybercrime service DragonForce, to various British companies.
Customer data was stolen from Marks & Spencer after a gang of hackers got into the retailer’s IT systems via a contractor in April.
They were able to go undetected in the supermarket chain’s system for up to 52 hours before the alarm was raised.
Once discovered, emergency response teams battled tirelessly to protect the beloved British store, frequented by up to 9.4million active customers, throughout a five-day ‘attack phase’.
It impacted stock with many empty shelves seen in M&S locations across the country and has since seen the retailer loose £1billion of value on the stock exchange.
Three weeks on and teams are still working around the clock to get the online shop back up and running.
It is understood that the M&S website could take weeks to go back online while stock availability across stores is expected to return to normal this weekend.
Harrods managed to thwart a cyber attack at the start of the month when their IT security team noticed the attempt and ‘immediately took proactive steps to keep systems safe’
The flagship store of Dior in Paris. The firm was founded by designer Christian Dior in 1946
Co-op was hit by a similar attack just days later when cyber crooks infiltrated their IT networks, apparently trying to extort money from the chain.
But after M&S was seriously compromised, Co-op staff spotted the attempted cyberattack in action and ‘yanked the plug’ on their own systems, the hackers told the BBC.
The group moved to limit the impact of the attack by shutting down some IT systems, including parts of its supply chain and logistics operations, resulting in disruption to deliveries.
Cyber criminals claimed to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm has not confirmed the number.
The hackers told the BBC: ‘Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics, and torching shareholder value.’
They added that they had successfully infiltrated Co-op’s systems and stole customer data, and had been in the process of uploading the malicious data when they were caught.
On Saturday, the chain said: ‘We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner.’
Luxury fashion brand Dior was attacked by cyber thugs over the weekend, with the company confirming customer data was accessed.
Hackers are thought to have taken personal details including full name, gender, phone number, email address, postal address and purchase history.
Dior has insisted no financial information was impacted as part of the breach, but it is not yet known how many customers and which countries were affected.
No passwords or payment information including bank account or card details were contained in the database affected by the incident, according to the company.
Harrods managed to thwart a cyber attack at the start of the month when their IT security team noticed the attempt and ‘immediately took proactive steps to keep systems safe’.
