Bar Council of England and Wales says working group will engage with LAA
The UK’s Legal Aid Agency (LAA) has discovered that the previously reported data breach was more serious than originally believed, with those responsible able to access information concerning legal aid applicants in England and Wales dating back to 2010.
On Apr. 23, the LAA learned about a cyberattack incident impacting its online digital services, which enabled legal aid providers to receive pay from the government for their logged work, according to a news release from the agency.
On Apr. 30, the LAA informed legal aid providers of the breach potentially involving some of their information, including financial details. The LAA took its portal offline for some time as it took steps to address the security of its system.
“I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened,” said Jane Harbottle, the LAA’s chief executive officer, in the news release. “Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.”
The LAA eventually took its online service – including its payment system for civil and family legal aid fees – fully offline to take “radical action” to protect the portal and its users after it learned on May 16 that the cyberattack was more extensive than initially thought.
The LAA said those responsible might have accessed legal aid applicants’ personal information, potentially including:
The LAA suggested that the affected legal aid applicants take steps to protect themselves, including through updating potentially exposed passwords and remaining vigilant in response to suspicious messages or phone calls from unknown persons. The LAA recommended independently verifying the identity of such persons before providing any information.
“We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time,” Harbottle said in the news release. “I am incredibly grateful to legal aid providers for their patience and cooperation at a deeply challenging time.”
The UK’s justice ministry investigated the incident alongside the country’s National Crime Agency and the National Cyber Security Centre, as well as notified the information commissioner.
Barbara Mills, chair of the Bar Council of England and Wales, met with Harbottle; Richard Atkinson, president of the Law Society of England and Wales; and Judge Deborah Taylor in the aftermath of the cyberattack incident.
In a news release, the council said the LAA advised that contingency measures were in place for solicitors seeking to file legal aid applications for civil and criminal matters. The council noted that barristers could use a different portal to submit fee claims even though the LAA might be unable to process them immediately in the wake of the incident.
The council shared that a working group – including representatives from the council and the law society, fees clerks, and software suppliers – would communicate with the LAA in connection with the data breach incident.
