Comment: UK MoJ Legal Aid Agency cyber attack
May 2025 by Sylvain Cortes, VP Strategy at Hackuity
According to the UK’s Ministry of Justice, a cyber attack on the UK government’s Legal Aid Agency’s online digital services led to “significant amounts of personal data” being stolen from people who had applied for legal aid since 2010. Sylvain Cortes, VP Strategy at Hackuity, comments:
“Although not officially confirmed, reports that vulnerabilities in the Legal Aid Agency’s digital systems were allegedly known before the attack underscore a widespread issue: under-investment and mounting technical debt in cybersecurity.
Often, organisations deprioritise preventive action, assuming they can delay investment without consequence. But just one unpatched vulnerability can give threat actors a foothold, leading to serious data breaches and widespread impact.
A key responsibility of cybersecurity leadership is to define ownership of risk. When this isn’t clearly established, accountability defaults to the CISO. In reality, final responsibility lies with business leaders and executives who approve, or reject, the cybersecurity budgets and plans presented to them. If they choose not to act, they must also own the risk.
Ongoing visibility into vulnerabilities, and prompt remediation, is essential. It only takes one unpatched hole in the network for a threat actor to gain access, undetected, and from here they have the potential to steal large swathes of sensitive information. Cybersecurity isn’t a one-off project; it’s a continuous, strategic investment.
For now, those who applied for legal aid since 2010 should follow MoJ guidance: update exposed passwords and stay alert to suspicious emails or phone calls.”