The UK’s Legal Aid Agency is among the latest high-profile examples of a cyber-attack resulting in a significant data breach. The incident is all the more worrying because of the sensitive nature of the data accessed in the attack.
The Ministry of Justice reported in May 2025 that a “significant amount of personal data” of people who applied online to the Legal Aid Agency since 2010, including criminal records, was accessed and downloaded in a cyber-attack in April 2025.
Media reports on the incident suggest that more than two million pieces of information were taken, including details of domestic abuse victims, people involved in family cases and those facing criminal prosecution.
The Ministry of Justice confirmed that the data may have included addresses of applicants, dates of birth, national ID numbers, criminal history, employment and financial data such as debts and payments.
The recurring problem with data breaches of highly sensitive and special category data is not just the immediate exposure and vulnerabilities caused; it is also the unknown future illicit uses of the stolen data, which can be surprising and very harmful to all involved.