The Legal Aid Agency data breach—a wake-up call for cybersecurity in public services
Corporate Crime analysis: In April 2025, the Legal Aid Agency (LAA), a cornerstone of the UK’s justice system, became the latest victim in a growing wave of cyberattacks targeting both public and private institutions. The breach, which the Ministry of Justice (MoJ) later confirmed, involved the theft of a ‘significant amount’ of sensitive personal data—including information relating to domestic abuse victims, individuals involved in family law disputes, and those facing criminal prosecution. The scale of the breach is staggering; more than two million pieces of data were reportedly accessed, with records dating back to 2010. This incident is not isolated. It follows closely on the heels of cyberattacks on major UK retailers such as Marks & Spencer, Harrods, and the Co-op, all of which suffered operational disruptions and financial losses. But the LAA breach is particularly alarming due to the nature of the data involved and the vulnerability of the individuals affected. It raises urgent questions about the resilience of public sector digital infrastructure and the broader implications of cybercrime in an increasingly interconnected world. Written by Charlotte Hill, Partner at Penningtons Manches Cooper LLP.