The Target: The Legal Aid Agency, which is part of the UK’s Ministry of Justice, provides criminal and civil legal aid and advice to people in England and Wales.
The Take: The compromised data includes applicants’ contact details and addresses, dates of birth, national ID numbers, criminal history, and employment status, as well as financial information such as contribution amounts, payments, and debts.
The Vector: An investigation conducted with the aid of the National Crime Agency and National Cyber Security Centre revealed on May 16 that the intrusion was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants”.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.