Legal Aid Agency cyber-attack: what we know now

The UK’s Legal Aid Agency (LAA) suffered a significant cyber-security incident in April 2025, forcing key digital systems offline and exposing sensitive personal data.

The LAA became aware of the attack on 23 April 2025 and took immediate action to take systems offline while investigations began.

The incident remains one of the most serious cyber-events to affect the UK justice system in recent years.

 

Data exposed and scope of the breach

 

The government’s frequently asked questions page states that attackers may have accessed personal data relating to legal aid applicants.

 

This includes names, contact details, dates of birth, national insurance numbers, criminal history and financial information.

 

Subsequent reporting suggests the breach may affect records dating back as far as 2007, expanding the number of individuals potentially impacted.

 

The Ministry of Justice has confirmed that the Information Commissioner’s Office was notified and that affected individuals would be contacted where appropriate.

Why systems were taken offline

 

The Legal Aid Portal and related services were taken offline to allow forensic investigation and security remediation. The government has stated that this was necessary to reduce further risk and restore confidence in the integrity of the platform.

Is the system still down?

 

The official FAQ page remains live and continues to be updated, with the most recent update published in December 2025. This suggests the incident is still being actively managed.

While core services have been gradually restored, some functionality remains limited. Legal aid providers have continued to rely on contingency processes in certain areas.

Impact on legal professionals and clients

 

The cyber-attack has had a material operational impact across the legal aid sector. Law firms have reported delayed payments, increased administrative workload, and concerns about the long-term sustainability of smaller providers.

Professional bodies, including the Law Society, have called for clearer communication and faster stabilisation of digital services to protect access to justice. There are also early indications of potential legal action, with reports that affected individuals may pursue compensation claims linked to the breach.

 

Guidance for affected individuals

 

Government advice recommends that individuals who believe their data may have been compromised remain alert to suspicious communications, update passwords and take steps to protect their personal information.
Further guidance on responding to data breaches is available from the UK National Cyber Security Centre.