All legal aid providers regain access as ministers urge faster transformation after cyberattack
All legal aid providers in England and Wales have now completed the transition to a new identity management system, restoring full access to government digital services following a major cyberattack on the Legal Aid Agency.
The move marks a significant milestone in the agency’s recovery after attackers breached its online portal on New Year’s Eve 2024. The intrusion, discovered in April 2025, led to the shutdown of many digital services from May onwards. Ministers later confirmed that criminals had accessed extensive data, including information relating to legal aid providers and sensitive personal details of individuals who had applied for legal aid over a 15-year period.
In response, the agency introduced emergency business continuity measures while working to secure its systems. A phased restoration of services began in September 2025, with priority given to criminal legal aid applications and billing.
Updating Parliament, courts minister Sarah Sackman said significant efforts had been made to restore services “as quickly and safely as possible”. She confirmed that platforms supporting crime applications and most criminal billing functions are now operational again.
She added that the same progress has been made across civil legal aid, with all providers successfully onboarded to the LAA’s digital portal using a new identity management system. As a result, the agency has been able to close down most of the temporary business continuity arrangements put in place during 2025, although some internal processes remain under review.
The minister said the recovery process has also created an opportunity to reassess the agency’s wider technology strategy. She told MPs that officials have been asked to explore ways to accelerate the Legal Aid Agency’s transformation programme, with the aim of replacing restored systems with technology that is “modern, resilient, and flexible”.
The cyberattack has intensified scrutiny of the agency’s legacy IT infrastructure, with previous admissions that outdated systems contributed to vulnerabilities. Ministers have acknowledged that recovery alone is not sufficient and that longer-term reform is required to reduce future risk.
Similar views were expressed last year by Mark Thompson, Chief Digital and Information Officer at the Ministry of Justice. Speaking in September, he said the incident had been highly disruptive but had also reinforced the case for transformation.
He noted that efforts to restore services had forced changes that might otherwise have taken years to implement, combining policy and operational reform to address long-standing issues within the Legal Aid Agency’s systems.
With all providers now reconnected through the new security platform, the focus is shifting from recovery to reform, as officials seek to modernize legal aid technology while safeguarding sensitive data against future threats.