An executive agency of the United Kingdom’s Ministry of Justice, the Legal Aid Agency (LAA), experienced a cyberattack. The attack was first reported by Sky News. 

The LAA, which oversees billions in legal funding, employs approximately 1,250 workers and runs the nation’s Public Defender Service. Around 2,000 providers in England and Wales (including non-profits, barristers, and solicitor firms) provide services for civil and criminal legal aid under contracts with the LAA. 

According to the letter sent by the agency, the payment information of legal aid providers may have been compromised. However, at this time, the agency cannot confirm if data was accessed. 

This incident, coming shortly after high-profile attacks against U.K. retail chains Co-op, Harrods, and Marks & Spencer (M&S), has caused some to question the state of the U.K.’s cyber infrastructure standards. 

Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, comments, “This incident is the latest in a series of major cybersecurity breaches to have rocked the U.K. in the past week, including the breaches of retail giants M&S, Co-op, and Harrods. The increase in high-profile attacks over such a short period of time has raised serious concerns about the U.K.’s cyber defense infrastructure. Organizations in the financial industry must prioritize proactive defense, with a strong focus on threat detection and response. By utilizing techniques like adversarial exposure validation, organizations can test their system's response to identify and address any vulnerabilities before they can be exploited.”