Legal Aid AgencyData Breach Claim
Have you applied for Legal Aid between 2007 and 2025? Your data could have been compromised in a significant data breach. Find out if you could be eligible to join the group action claim against the Legal Aid Agency and seek compensation.
We work with leading specialist law firms to help individuals claim compensation following the Legal Aid Agency data breach. You can check your eligibility online in under two minutes. If eligible, you can register your interest on a NO-WIN, NO-FEE* basis.
The first step in getting compensation
Sign up for a potential Legal Aid data breach claim to register your interest to be notified if the claim moves forward.
THE FACTS SO FAR
What do we know about the Legal Aid data breach?
The breach was initially believed to be limited, but the extent of the compromise was later described as 'more extensive than originally understood.'
The attack discovered in April 2025 actually began much earlier. Systems were first breached in December 2024, with data exfiltrated from January 2025.
According to media reports, over two million pieces of information dating back to 2007 may have been accessed and downloaded by the attackers.
Legal Aid Agency Chief Executive Jane Harbottle has issued a public apology, acknowledging that the breach may be 'shocking and upsetting' for those affected.
The data breach compromised sensitive data from hundreds of thousands of legal aid applicants and providers.
FREQUENTLYASKED QUESTIONS
The Legal Aid Agency became aware of a cyber attack on the 23rd of April 2025. By May, it became clear that the breach was far more extensive than expected, with the incident potentially affecting everyone who accessed legal aid through digital platforms since 2007. Since the breach, the government has admitted the Legal Aid Agency IT software was not fit for purpose and has been extremely vulnerable to attack for years. An injunction has been put in place to stop anyone publishing the personal information, and there is no evidence that the data has been published anywhere yet.
The group behind the attack is believed to have accessed and downloaded a significant amount of personal data from those who applied for legal aid through the digital service between 2007 and 16 May 2025, when the systems were taken offline. This data may include contact details and addresses, dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts and payments. In some instances, information about the partners of legal aid applicants may also be included.
The Legal Aid Agency should be in touch to notify affected individuals. In the meantime, anyone who applied for legal aid between 2007 and May 2025 is urged to stay alert for suspicious activity such as unknown messages or phone calls, update any potentially exposed passwords, and independently verify the identity of anyone they are communicating with online or over the phone before providing information.
If you receive notification that you are affected by the Legal Aid Agency data breach, register to receive updates on our investigation. We’ll let you know what’s happening, and if and when you can make a data breach compensation claim.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.
There are no upfront costs to join the claim. The partner solicitors work on a No-Win, No-Fee basis. This means you pay nothing up front and, provided you keep to your contractual obligations, even if your claim is unsuccessful, you won't pay anything. If the claim is successful, a success fee is deducted from the compensation awarded.