Cyber Incident Victim: Legal Aid Agency

The cyberattack on the Legal Aid Agency (LAA) began on New Year’s Eve 2024 when attackers exploited vulnerabilities in the agency’s online portal to breach its security systems. The intrusion remained undetected until April 2025, when officials discovered unauthorized access. Following the discovery, the LAA initiated an extensive shutdown of digital services starting in May 2025 to contain the breach. Ministers confirmed that attackers had compromised a broad range of data, including information on legal aid providers and sensitive personal details of citizens who had applied for legal support over a 15-year period. This data exposure represented a significant breach of privacy and operational security, affecting both institutional stakeholders and individual applicants. The prolonged service shutdown disrupted legal aid processes, forcing the agency to implement business continuity measures to maintain critical functions while systems were offline.

Recovery efforts commenced with a phased restoration of services in September 2025. By January 2026, all legal aid providers had transitioned to a new identity management system integrated into the LAA’s digital portal, enabling the agency to decommission most temporary continuity measures. Courts Minister Sarah Sackman reported that platforms supporting crime applications and crime billing had been restored, along with the main civil legal aid system. The incident accelerated the LAA’s modernization agenda, with ministerial directives to replace restored systems with resilient technology. Ministry of Justice Chief Digital and Information Officer Mark Thompson acknowledged the attack’s disruptive impact but noted it expedited policy and operational changes that otherwise might have taken years to implement. The restoration process addressed legacy technical and procedural challenges, reinforcing the agency’s focus on long-term transformation alongside immediate recovery.