A “significant amount” of private data including details of domestic abuse victims has been hacked from Legal Aid’s online system.
The Ministry of Justice said the agency’s services were hacked in April and data dating back to 2010 was downloaded. The BBC understands that more than two million pieces of information were taken.
The breach covers all areas of the aid system – including domestic abuse victims, those in family cases and others facing criminal prosecution.
“This data may have included… addresses of applicants, dates of birth, national ID numbers, criminal history, employment and financial data such as… debts and payments,” the MoJ said.
The agency’s chief executive Jane Harbottle apologised, saying she understood the news “will be shocking and upsetting for people”.
Justice minister Sarah Sackman told the House of Commons that there was no indication as yet that any other government systems had been affected by the breach.
The MoJ said that while the initial cyber-attack was detected in April, it has since become apparent that the incident was “more extensive than originally understood”.
It also warned the public to be alert for any suspicious activity, including unknown messages or phone calls, and to update any potentially exposed passwords.
“If you are in doubt about anyone you are communicating with online or over the phone you should verify their identity independently before providing any information to them,” it said.
The ministry said it was working with the National Crime Agency and the National Cyber Security Centre, and has informed the Information Commissioner.
Legal aid is offered to cover the costs of legal advice, family mediation and representation in a court or tribunal for those who qualify.
This includes those who are at risk of abuse or serious harm, discrimination, forced marriage, as well as those defending themselves in criminal cases.
The Legal Aid Agency’s online digital services, which are used by legal aid providers to log their work and get paid by the government, have been taken offline.
The Law Society, which represents the legal profession, said the MoJ needed to “get a grip of the situation immediately” and notify all those affected individually.
“It is extremely concerning that members of the public have had their personal data compromised,” it added.
The agency is the latest victim in a series of recent cyber-attacks that have caused mass disruption.
Earlier this month, luxury department store Harrods said it had “restricted internet access at our sites” following an attempt to gain access to its systems.
An attack on Marks & Spencer in April caused it to lose out on millions of pounds of sales and left it struggling to get services back to normal.
A similar incident at the Co-op forced it to shut down parts of its IT systems and disrupted deliveries of fresh stock.
