Summary
The Legal Aid Agency has been hacked. If you have been given Legal Aid since 2010 your personal details may have been accessed. GMIAU is not responsible for this data breach but we are sharing this information for people we work with who may be affected.
May 2025
Please note: GMIAU will never ask you to provide passwords. GMIAU may ask you for financial information as part of a legal aid assessment or fee waiver assessment. We will do this during the referral process or at a relevant appointment. If you have any doubts, you can bring the documents to one of the GMIAU offices in person.
What has happened?
On Friday 16 May the Legal Aid Agency said that an unknown group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through their online digital service since 2010. If you have instructed a legal aid lawyer since then, it is possible that your data has been accessed.
This data may have included:
- contact details and addresses of applicants
- dates of birth
- national ID numbers
- criminal history
- employment status and financial data such as contribution amounts, debts and payments.
What should you do?
The data breach has already occurred. If you have previously been a client of GMIAU, then we can only confirm whether it is possible your information was included in the data breach. GMIAU are not responsible for the data breach. The Legal Aid Agency are best placed to advise further on this. Keep checking their website for further information.
General advice has been provided by the National Cyber Security Centre.
1. Be alert to suspicious messages which may follow a breach. Your bank (or any other official organisation) will never ask for personal information by email, so look out for:
- official-sounding emails about ‘resetting passwords’,
- ‘receiving compensation’ or ‘confirming identity’
- emails full of ‘tech speak’
- being urged to act immediately
2. If you receive a message that includes a password you’ve used in the past, don’t panic:
- if you still use the password, change it as soon as you can
- if any of your other accounts use the same password, you should change them as well
3. Check your online accounts to see if there’s been unusual activity. Things to look out for include:
- being unable to log into accounts
- changes to your settings
- messages or notifications from your accounts that you don’t recognise
4. If you suspect an account of yours has been accessed, refer to the NCSC guidance on recovering a hacked account.
5. To check if your details have appeared in public data breaches, you can use online tools such as haveibeenpwned.com. Similar services are often included in antivirus or password manager tools that you may already be using.