Hackers breached LAA system four months before attack

Hackers breached the Legal Aid Agency’s digital services four months before the organisation became aware of the cyber attack, it has emerged.

Practitioners have endured months of disruption after hackers targeted LAA systems required to log work and get paid, forcing the agency to take its systems down.

The LAA announced on 19 May that it became aware of the cyber attack on Wednesday 23 April. The Legal Aid Agency’s latest annual report, published this week, has revealed that systems were breached in December 2024.

The report says: ‘The cyber attack detected in April 2025 was reported to the ICO and our investigation into the attack has shown that systems were breached from December 2024 with data being exfiltrated from January 2025.’

A Ministry of Justice spokesperson told the Gazette: ‘We understand the challenges this situation presents for legal aid providers - we are working as fast as possible to restore our online systems and have put in place contingencies to allow legal aid work to continue safely with confidence.

‘We’ve introduced interim payments for civil cases and resumed payments for criminal cases and we’re fast-tracking urgent civil applications, and backdating criminal applications made during this period.’

The cyber attack unsurprisingly dominated audience questions at the Legal Aid Practitioners Group’s annual conference on Monday.

LAA deputy chief executive Hitesh Patel told the conference that crime systems are now online but the main systems for civil legal aid work, such as CCMS, will not be up and running until mid-November. Patel said the LAA would not be communicating everything being done to restore the system ‘because these are the things we do not want to communicate to the outside world, to the cyber attackers’.

Senior officials from the LAA and Ministry of Justice will be appearing before the House of Commons public accounts committee this morning to answer questions on the aftermath of the cyber attack.