Cyber Incident Victim: Legal Aid Agency
Date:
Nov 2025
Location:
United Kingdom
Summary
The Legal Aid Agency reported a cyber security incident that may have exposed financial information of legal aid providers. The agency said it could not confirm what data was accessed but noted that payment details might have been compromised. It is working with the Ministry of Justice, the National Crime Agency and the National Cyber Security Centre to investigate and has taken steps to mitigate the impact. The organization oversees billions of pounds in legal aid funding for nearly two thousand solicitors’ firms, barristers, not‑profit groups and telephone operators across England and Wales, and employs about twelve hundred staff. An apology was issued to affected law firms while security measures are being strengthened.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday 6 May 2025 the Legal Aid Agency confirmed that it had been hit by a cyber security incident after identifying a security breach in its systems. The agency disclosed the incident in a letter sent to law firms the previous week, which was later seen by Sky News. In the letter the Legal Aid Agency stated that it had identified a security incident and noted that it was possible that financial information relating to legal aid providers may have been accessed by a third party. The agency emphasized that it could not confirm what, if any, information had actually been accessed but said that payment information might have been compromised. The notification prompted concern among the nearly two thousand legal aid providers contracted to deliver services in England and Wales.
The Legal Aid Agency is an executive agency sponsored by the Ministry of Justice and is responsible for administering legal aid funding, which amounted to approximately £2.3 billion in the 2023/24 financial year. It employs around 1,250 staff and operates from a head office in London with additional offices in towns and cities across England and Wales. The agency oversees billions of pounds worth of funding for criminal and civil cases and works with solicitors’ firms, barristers, not‑for‑profit organisations and telephone operators that deliver legal aid services. Because of the potential exposure of payment data, the incident raised worries about the financial security of the provider network.
In response, the Ministry of Justice said it was taking the breach extremely seriously and had already taken action to bolster the security of the legal aid system. The Ministry confirmed that it was working with the National Crime Agency and the National Cyber Security Centre to investigate the incident. A National Crime Agency spokesperson said that NCA officers were collaborating with partners in the NCSC and the Ministry of Justice to better understand the breach and support the department. The Legal Aid Agency’s letter stated that the incident was being investigated in accordance with its data security processes and that action had been taken to mitigate the situation, while offering sincere apologies for any concern caused. No connection was suggested between this incident and the contemporaneous cyber attacks on retailers such as Co‑op, Harrods and Marks & Spencer.