The UK Ministry of Justice has confirmed that a large volume of sensitive data, including criminal records, has been stolen from the Legal Aid Agency following a cyber attack that first came to light in April. The breach affects records held by the Legal Aid Agency’s online system dating back to 2010. Initially thought to be limited in scope, the incident has since been reclassified as significantly more severe than first reported.

While the Ministry has not officially confirmed the full scale, the group claiming responsibility has stated it accessed over two million data entries.

Related: Earth’s Core Isn’t Still: Scientists Discover Solid Rock Flow in the Deep Interior

Public Data at Risk

The compromised information includes personal contact details, addresses, birth dates, national identification numbers, and, in some cases, individuals’ criminal history, employment status, and financial data. The Ministry has warned anyone who applied for legal aid between 2010 and the present to remain vigilant. Applicants are being urged to reset passwords and watch for suspicious emails, calls, or online requests.

“Verify identities independently before sharing any information,” the MoJ advised. Jane Harbottle, chief executive of the Legal Aid Agency, issued an apology to those affected: “I understand this will be shocking and upsetting for people. We are treating this with the utmost seriousness.”

Government Systems Taken Offline

The LAA’s digital platform, which handles case tracking and payments for legal aid providers, has been temporarily shut down. It remains offline as cybersecurity investigations continue. The Ministry is now working closely with the National Cyber Security Centre, the National Crime Agency, and has notified the Information Commissioner’s Office.

Part of a Wider Pattern

This breach is the latest in a growing series of targeted attacks on major UK institutions. Earlier this month, Harrods restricted online access following an intrusion attempt. April saw disruptions at Marks & Spencer, with losses running into the millions. Around the same time, a breach at the Co-op led to IT shutdowns and delays in fresh stock deliveries.

Each incident has added to growing concerns about the resilience of key UK infrastructure against coordinated cyber threats. With government systems unable to thwart these attacks, Questions will inevitably follow about digital safeguards across the public sector, and whether they’re equipped to protect the data of millions.