
'Significant amount' of private data stolen in UK Legal Aid hack

moreati

> The Legal Aid breach is, I’m told, a ransomware/extortion group (not mentioned in the notice). If it looks like the UK gov are going to pay, or pay via third party, this one will become a megathread. https://www.gov.uk/government/news/legal-aid-agency-data-bre... -- https://cyberplace.social/@GossiTheDog/114533584686916433

Note Gossi's "If". There's no indication so far wrt possible payment.

Urahandystar

The UK government does not pay ransomware and advises private businesses not to also. https://www.ncsc.gov.uk/section/respond-recover/ml-ransomwar...

blitzar

The official positions of Governments are counter to the actual behaviour in many many circumstances.

moreati

I wasn't trying to suggest they will. I emphasised Gossi's If because I missed it on my first read. I didn't want others making the same mistake.

pixxel

[dead]

blitzar

> Looks like they were doing everything on AWS for about 6 years.

Ransomed by Jeff Bezos.

echelon_musk

Ransom refers to when a person or thing is released, not when it's taken.

Do you mean stolen by Jeff Bezos, or to imply that AWS has another copy of the data?

celticninja

They are not going to pay anything, I guarantee it. There is no ransomware. They shut their services down before the attacker could deploy ransomware, although the attacker likely accessed data.

alias_neo

> likely accessed data

There's nothing "likely" about it.

> On Friday 16 May we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants.

> We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010.

> This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.

source: https://www.gov.uk/government/news/legal-aid-agency-data-bre...

egorfine

> she understood the news "will be shocking and upsetting for people".

And that's about it. No repercussions will take place.

buserror

It is entirely possible the IT was outsourced to the highest bidder, probably with limited liability clauses etc etc. See Post Office for reference, they are still reaping contract money out of the government, years after having been proven as responsible for ruining people's lives for decades, and coverups.

taffynay

Governments outsource to the lowest bidder. Whoever can do the job for the cheapest.

tgv

Your comment is against the site rules on first sight, but it’s at the core of the problem: strong regulation, surveillance and punishment are sorely lacking.

celticninja

Who do you want to punish exactly?

aaronmdjones

Cases like this usually boil down to one of three things:

1) Someone left an unpatched server exposed to the Internet for months with a known critical vulnerability.

2) Someone uploaded the data to a world-readable S3 bucket or similar, or left it in an Internet-accessible database server with no authentication.

3) Someone with administrative credentials was using the password "password1!" or similar with no two-factor authentication.

In an ideal world (not the world we live in), in these cases, that someone would be prosecuted for gross negligence.

egorfine

Me personally I would like to set on fire the very people who begin to consider an upgrade to a major Windows version not earlier than it goes out of extended support.

kmlx

just in case people are not aware what "legal aid" or what "Legal Aid Agency" are:

> Legal aid is the provision of assistance to people who are unable to afford legal representation and access to the court system. Legal aid is regarded as central in providing access to justice by ensuring equality before the law, the right to counsel and the right to a fair trial.

> The Legal Aid Agency is an executive agency of the Ministry of Justice (MoJ) in the United Kingdom. It provides both civil and criminal legal aid and advice in England and Wales.

from https://en.wikipedia.org/wiki/Legal_Aid_Agency