LONDON (Reuters) -A “significant” amount of personal data, including criminal records, of applicants who had applied for legal aid since 2010 was accessed and stolen in a cyber attack, Britain’s Legal Aid Agency said on Monday.
It said it became aware of the attack on April 23 and had worked with the National Crime Agency since.
On Friday, it discovered the attack had been more extensive than originally understood and the attackers had accessed information relating to legal aid applicants, forcing it to shut down its online services.
The agency said the group may have accessed applicants’ personal information including addresses, dates of birth, national ID numbers, and financial data such as contributions amounts, debts and payments.
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency,” said Jane Harbottle, chief executive officer of the Legal Aid Agency.
“However, it has become clear that to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down.”
Harbottle added the agency, which is part of the Ministry of Justice, had contingency plans in place and those in need of legal support could continue to access help.
British retailers Marks and Spencer and Co-op were the target of cyber attacks in April, with hackers impersonating employees while contacting the retailers’ IT help desks, according to technology specialist site BleepingComputer.
M&S, which had suspended online orders, said earlier this month that some personal customer information was taken in the ransomware attack, where criminals infiltrate companies’ computer systems, encrypt them and demand payment before allowing them to resume control.
(Reporting by Sam Tabahriti; editing by Sarah Young and Paul Sandle)
