A HACKER group have stolen a “significant” amount of personal data from the Ministry of Justice.
The cyber attack targeted the data of people who have applied for legal aid since 2010.
GettyA Ministry of Justice source blamed the previous government[/caption]
The MoJ said it was accessed and downloaded in April this year.
Information taken could include contact details and addresses, dates of birth, national insurance numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.
The group that carried out the attack has claimed it accessed 2.1 million pieces of data but the MoJ has not verified that figure.
It comes after M&S revealed that customers’ personal information was stolen in a huge cyber attack.
The retail chain is still working hard to keep its stores up and running while dealing with the fallout.
The Government became aware of a cyber attack on the Legal Aid Agency’s online digital services on April 23, but realised on Friday that it was more extensive than originally thought.
The LAA’s online digital services, which are used by legal aid providers to log their work and get paid by the Government, have been taken offline.
An MoJ source put the breach down to the “neglect and mismanagement” of the previous government, saying vulnerabilities in the Legal Aid Agency systems have been known for many years.
“This data breach was made possible by the long years of neglect and mismanagement of the justice system under the last government.
“They knew about the vulnerabilities of the Legal Aid Agency digital systems, but did not act,” the source said.
The MoJ is urging anyone who has applied for legal aid since 2010 to be alert for unknown messages and phone calls and to update any passwords that could have been exposed.
The ministry has been working with the National Crime Agency and the National Cyber Security Centre, and has informed the Information Commissioner.
Legal Aid Agency chief executive Jane Harbottle apologised for the breach.
“I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened.
M&S reveals customers’ personal information was STOLEN in major cyber attack update
By James Flanders
M&S has shared an important update about a big cyber attack, revealing that customers’ information has been stolen.
The retail chain is still working hard to keep its stores up and running while dealing with the fallout.
In a statement shared on Instagram, M&S announced: “As we continue to manage the current cyber incident, we have written to customers today to let them know that unfortunately, some personal customer information has been taken.
“Importantly, there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.
“Everyone at M&S is working around the clock to get things back to normal for our customers as quickly as possible, and we are very sorry for any inconvenience they have experienced. Our stores remain open as they have throughout.
“Thank you for shopping with us and for your continued support, we are incredibly grateful.”
M&S has been facing widespread disruption following the cyber attack, which has impacted contactless payments, click-and-collect services, and online orders across the UK.
The problems began on Saturday, April 19, with customers unable to collect purchases or return items.
By Monday, April 21, M&S acknowledged the attack, apologised for the inconvenience, and engaged cybersecurity experts while notifying the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
“Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
“However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we’ve taken the decision to take the online service down,” she said.
Ms Harbottle said contingency plans are in place to make sure those in need of legal support and advice can continue to access it.
A National Crime Agency spokesman said: “We are aware of a cyber incident affecting the Legal Aid Agency.
“NCA officers are working alongside partners in the National Cyber Security Centre and MoJ to better understand the incident and support the department.”
A spokesperson for the Information Commissioners’ Office also confirmed they were making inquiries after the MoJ reported the breach.
The Law Society president Richard Atkinson said the data breach is “extremely concerning”.
He said: “The incident once again demonstrates the need for sustained investment to bring the LAA’s antiquated IT system up to date and ensure the public have continued trust in the justice system.
“The fragility of the IT system has prevented vital reforms, including updates to the means test that could help millions more access legal aid, and interim payments for firms whose cashflow is being decimated by the backlogs in the courts, through no fault of their own. If it is now also proving vulnerable to cyber-attack, further delay is untenable.
“Legal aid firms are small businesses providing an important public service and are operating on the margins of financial viability. Given that vulnerability, these financial security concerns are the last thing they need.”
Co-op also faced a hacking attempt and was forced to shut down part of its IT system at the end of April.
It told staff at the time it had “taken proactive steps to keep our systems safe”.
However it was later reported that a “significant number” of the supermarket’s 6.2million customers and past members had their data stolen.
After Co-op, Harrods became the third retailer to report a hacking attempt.
EPAThe Ministry of Justice’s headquarters in London[/caption] Published: [#item_custom_pubDate]
