Emergency submission measures are reduced months after the Legal Aid Agency cyber attack
The Legal Aid Agency has scaled back contingency measures for civil legal aid work, seven months after its systems were shut down following a cyber attack.
The agency confirmed last week that all civil applications, amendments and requests for prior authority must now be submitted through the Civil Apply system or the Client and Cost Management System. Email submissions are no longer permitted. Criminal legal aid systems were restored earlier, in September.
The contingency arrangements will now apply only in limited circumstances. These include situations where an individual provider cannot access the system because of a technical issue affecting only them, where a system-wide outage prevents access for all users, where work submitted under contingency arrangements has not yet appeared on the Client and Cost Management System, or where a provider is unable to access the system for a new contract.
The decision marks a further step in the recovery process following the cyber attack, which disrupted legal aid services across England and Wales. Although the breach occurred almost a year ago, it was not identified until April. The agency shut down its systems the following month as a precaution.
Embed from Getty Images
The extended outage forced the Legal Aid Agency to introduce emergency measures to allow providers to continue working while digital systems were unavailable. Those arrangements enabled submissions by email and other temporary methods while technical investigations and system repairs were carried out.
The cyber attack remains the subject of ongoing scrutiny. This month, Conservative MP Nick Timothy asked about progress in supporting law enforcement investigations. In response, Justice Minister Sarah Sackman said that sensitive investigations were continuing.
She told Parliament that the Ministry of Justice was working closely with the National Crime Agency to monitor activity on the dark web. She said that, so far, there was no evidence that data taken in the breach had been shared publicly.
Sackman added that if authorities identified a specific individual as being at risk as a result of the cyber attack, steps would be taken to try to contact them.
The Legal Aid Agency has faced mounting pressure from providers affected by the prolonged disruption. Concerns have been raised about delays, financial strain on firms and uncertainty over data security. The agency has also faced the prospect of legal action, with claims being explored over the impact of the attack on legal aid practitioners.
By narrowing the circumstances in which contingency measures apply, the agency has signalled a return to normal operating requirements for most civil legal aid work. Providers are now expected to use standard digital systems for the vast majority of submissions, with temporary arrangements reserved only for exceptional cases.