Jim Dunton reports:
The chief executive of the Legal Aid Agency has told MPs that the organisation is still working out the extent of a cyberattack that was uncovered back in the spring.
Jane Harbottle told members of parliament’s Public Accounts Committee that a team of analysts is still exploring how much of the compromised data can be pieced back together.
She told recent PAC evidence session that the work could take several more weeks to complete. However, she insisted that so far there was no evidence that data accessed by hackers had been published on the dark web.
In a joint statement with sponsor department the Ministry of Justice, the LAA announced on 19 May that it had taken down its digital services after a cyberattack that was detected the previous month.
The statement said that the hack had first been identified on 23 April, but had subsequently been found to be “more extensive” than previously thought. The MoJ and LAA said that the perpetrators “had accessed a large amount of information relating to legal aid applicants”.
At the PAC hearing, Harbottle said investigations had revealed that the first-known entry into the LAA system by the attacker – made via its Legal Aid portal – was on 31 December last year.
Read more at Public Technology.
Although not mentioned in this article, this attack was orchestrated by ShinyHunters, and the Legal Aid Agency secured an injunction prohibiting the publication or use of any data. As with other injunctions, the criminals did not feel obligated to comply with its terms.
This article originally appeared at Civil Service World.