A data breach that forced the Legal Aid Agency to take down its application and payment portal for lawyers was more serious than the Ministry of Justice first realised, it has emerged.
The LAA’s online portal was taken offline in May after the MoJ discovered that legal aid applicants’ personal data dating back to 2010 had been accessed.
On Thursday, the LAA and MoJ revealed the hack was bigger than first thought. An update added to their announcement of the breach said: ‘We have updated the notice to reflect that further investigations have shown that some data going back to 2007 may have been accessed as well as information linked to the partners of applicants. Previously we stated the data went back to 2010.’
The data breach has caused months of disruption for practitioners, who have been grappling with the LAA’s growing list of contingency measures.
Earlier this week, providers were told that a new portal will arrive in September. The new ‘identity access management solution’ will be called Sign into Legal Aid Services. However, precisely what services will be available to practitioners when the system goes live remains unclear.
The ministry told the Gazette that it is working to restore core systems and services, including the benefits checker, as a matter of priority. Services will return ‘in phases’.
Read more
The House of Commons justice select committee will examine the LAA and MoJ’s response to the cyber-attack as part of its major access to justice inquiry.
Committee chair Andy Slaughter submitted several parliamentary questions about the cyber-attack to ministers, ranging from means test reforms to data retention, billing, and whether the old system is being rebuilt or replaced with a brand-new system.
Justice minister Sarah Sackman said the data breach had affected the implementation and delivery of intended legal aid fee uplifts and that her department was ‘working at pace to operationalise those commitments’. She was unable to confirm when the system will be fully restored.
Law Society president Richard Atkinson said it was worrying that data going back 18 years 'was being held on antiquated IT systems that were evidently vulnerable to attack'.
Atkinson said a fully operational system needed to be up and running as soon as possible, 'otherwise more firms will be forced out of this crucial work which can make the difference between having a home and homelessness or give stability for children navigating family separation'.
Atkinson also called for compensation for the extra unpaid administrative work that firms have had to do as a result of the cyber-attack, as well as for the administrative burden they will face when they have to upload a backlog of material to the new system. Chancery Lane has raised the issue of compensation with government officials.
2 Readers' comments