Outdated technology known to be vulnerable to cyber-attacks is still being relied upon in the criminal court estate, the Gazette has learned.

According to a freedom of information response, more than £14m has been spent on upgrading Wi-Fi and video equipment across the criminal court estate since 2016 under the HM Courts & Tribunals Service reform programme.

Yet despite this investment, Windows XP, Microsoft’s obsolete operating system, which is not being updated with security patches, is still in use in the criminal court estate.

In 2017, operators of Windows XP systems fell victim to the WannaCry virus, a worldwide cyber-attack. This ransomware attack, later blamed on North Korean hackers, locked users out of their computers and displayed messages demanding payment in the cryptocurrency Bitcoin to regain access. At the time, the NHS was heavily criticised for operating the then 16-year-old Windows XP system.

Yet, three years on, and despite efforts to phase out XP, HMCTS still appears to have systems running on the software. A spokesperson said last week: ‘We can confirm that the use of Windows XP is being phased out during the reform programme and HMCTS now has limited reliance on this product.’

The question arises as to why the court estate, which contains a plethora of personal data on individuals, still deploys a system that can be vulnerable to cyber-attacks.

Last year the MoJ suffered the highest number of cyber-attacks since the reform programme was initiated. HMCTS suffered 4,577 data incidents in 2019/20, the highest number of incidents recorded since this information started being collected in 2017, and an increase of 2,114 incidents from the previous year.

The MoJ spokesperson declined to reveal details of cyber-security measures, saying: ‘We are currently upgrading many of our systems, and the department is constantly working on improvements. We cannot discuss the specifics of our systems, but there is robust security in place as well as a specialist team constantly checking for threats.’