Legal Aid has taken down its digital services after discovering cyber criminals stole a "significant amount" of applicant data following a breach in April.

The Ministry of Justice (MoJ) announced on Monday that on Friday it became aware that the attack was more extensive than originally understood, explaining that the group behind the incident accessed and downloaded a large amount of personal data from those who applied for legal aid through the organisation's digital service since 2010.

The attack, which took place on 23 April, impacted the services through which Legal Aid providers log their work and receive payment from the government.

The MoJ said that data stolen during the incident may have included contact details and addresses of applicants, dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments.

Legal Aid chief executive Jane Harbottle said that to safeguard the service and its users, the organisation has decided to take "radical action" by taking down its online services.

She assured users that Legal Aid has put in place the necessary contingency plans to ensure those most in need of legal support and advice can continue to access the help they need during this time.

"I understand this news will be shocking and upsetting for people and I am extremely sorry this has happened," continued Harbottle. "Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency."

The MoJ has called on members of the public who have applied for legal aid in this time period to take steps to safeguard themselves.

It urged them to stay alert for any suspicious activity such as unknown messages or phone calls and to be extra vigilant to update any potentially exposed passwords.

Speaking in response to the news, Wayne Cleghorn, data protection and cybersecurity partner at Excello Law said: "The urgent response is to go back to basics: check key data protection practices, review GDPR compliance, strengthen basic information security safeguards and encourage important suppliers to be on high alert. The problem with data beaches of highly sensitive and special category data is not just the immediate exposure and vulnerabilities caused, it is the unknown future nefarious uses of the stolen data, which can be surprising and very harmful to all involved."

---