Legal Aid Agency Data Breach

Legal Aid Agency Data Breach

We were informed yesterday about the extent of the data breach which started to affect the Legal Aid Agency from April 23rd.  At first the breach was not understood to be as serious as it is, but we now understand from the advice received that this breach may affect past and present clients of our firm.

Since 2010 we have acted in criminal defence matters and family matters including child care.

We ceased all criminal defence work in 2012 when all our matters were transferred to https://www.djmssolicitors.co.uk/

This breach has occurred in the government IT system for the Ministry of Justice and the Legal Aid Agency and does not affect the information held by us at Hannays Solicitors and Advocates.

We understand from the Legal Aid Agency that the information taken might also allow cyber-criminals to impersonate past or present employers or any other organisation mentioned in the information that has been stolen, including past or present staff of Hannays Solicitors.

If you receive a communication and you are not sure about whether it is  genuinely from us, please call us on the number that appears on our website or on the letters you received from us while your case was active.  Don’t use any of the numbers or email addresses in the communication you received, as you may end up corresponding with the cyber-criminals.

Remember it is very unusual for the Legal Aid Agency to contact any client directly.

We will update this page if we receive further information from the LAA.

The government has released this statement:

Legal Aid Agency Data Breach

An update following a cyber-attack on the Legal Aid Agency’s online digital services has been published on:

Legal Aid Agency    https://www.gov.uk/government/organisations/legal-aid-agency  and Ministry of Justice  https://www.gov.uk/government/news/legal-aid-agency-data-breach

On Wednesday 23 April, we became aware of a cyber-attack on the Legal Aid Agency’s online digital services.

These are the services through which legal aid providers log their work and receive payment from the Government.

In the days following the discovery, we took immediate action to bolster the security of the system, and informed all legal aid providers that some of their details, including financial information, may have been compromised.

Since then, we have worked closely with the National Crime Agency and National Cyber Security Centre as well as informing the Information Commissioner.

On Friday 16 May we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.

We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.

This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts, and payments.

We would urge all members of the public who have applied for legal aid in this time period to take steps to safeguard themselves. We would recommend you are alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords. If you are in doubt about anyone you are communicating with online or over the phone, you should verify their identity independently before providing any information to them.

Jane Harbottle, Chief Executive Officer of the Legal Aid Agency, said:

I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.

Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.

However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.

We have put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.

I am incredibly grateful to legal aid providers for their patience and cooperation at a deeply challenging time.”

We will provide further updates shortly.

Further information on how to protect yourself from the impact of a data breach can be found on the NCSC website:  https://www.ncsc.gov.uk/guidance/data-breaches

What should you do if you think your information might be affected?

Look at the guidance available on the NCSC website:
https://www.ncsc.gov.uk/guidance/data-breaches

Passwords

The first thing to do is to change any passwords you have on any other accounts (banks, email, e-commerce etc.,) that are:

  • The same as any password you provided as part of a Legal Aid application
  • Similar to any such password (e.g. same word with a different number after it)
  • Based on personal information that has potentially been taken such as;

– your name or that of a family member,

– address,

– date of birth (yours or anyone else mentioned in your Legal Aid application),

–  NI numbers etc.

Scamming

It is very unusual for the Legal Aid Agency to contact individuals directly, so please be very careful if anyone claiming to be from the Legal Aid Agency contacts you. You should not give out any personal information until you have made sure that any request is genuine. Criminals who have information taken from the LAA may pretend to be from the LAA offering refunds or chasing payments.

The Legal Aid Agency customer contact number is 0300 2002020 so you can call to make sure any communication you receive is genuine.