The UK Ministry of Justice has confirmed that a “significant amount of personal data” of legal aid applicants dating as far back as 2010 has been stolen in a data breach. The ministry is working on alerting affected individuals.
The attack was detected on April 23, but further investigation revealed that the damage was far more extensive than previously believed. As is usually the case with data breaches, each individual is affected in a different capacity. Leaked data could include the following:
- Name, birthdays, and contact details
- Home addresses
- National ID numbers
- Criminal records
- Employment status
- Financial data, including contribution amounts, debts, and payments
The Ministry of Justice hasn’t revealed the total number of people affected. It also hasn’t revealed the nature of the attack. That said, the manner of the attack points towards a potential ransomware or data extraction attack where hackers steal sensitive information and try to extort the owners later. Candid.Technology hasn’t seen any major ransomware group take responsibility for the attack yet.
The Register quotes the PA news agency as claiming that nearly 2.1 million data points were stolen. However, the MoJ hasn’t officially confirmed this yet. It’s also difficult to determine the exact number of individuals affected, as each case can involve more than one individual. Regardless, anyone who applied for legal aid in the UK between 2010 and 2025 should remain vigilant against spam and phishing messages. Updating passwords is also recommended.
A data breach in the legal sector can be way more devastating than a corporate breach. Not only do hackers get access to payment and identity information, which can be used to carry out financial fraud or identity theft, they also have sensitive information like criminal records, which can be used to extort individuals instead of the organisation where the data was breached.
In the News: Mozilla patches exploited Firefox bugs
