The Legal Aid Agency has released an update on April's cyber attack.
The Agency became aware of a cyber attack on its online digital services on Wednesday 23 April.
These are the services through which legal aid providers log their work and receive payment from the Government.
Following the attack, the agency took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised.
Since then, they have been working with the National Crime Agency and National Cyber Security Centre and informed the Information Commissioner.
On 16 May, it was discovered that the attack was more extensive than originally thought and the attackers had accessed a large amount of information related to legal aid applicants.
It is believed the group accessed and downloaded a significant amount of personal data from those who applied for legal aid through the digital service between 2007 and 16 May 2025 when the systems were taken offline. This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
Members of the public who have applied for legal aid in this time period are urged to take steps to safeguard themselves. They are recommended to be alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords.
An injunction is in place to prohibit sharing of this data.