In May 2025, the UK Legal Aid Agency (part of the Ministry of Justice) disclosed a significant data breach affecting information on 2,000 legal service providers and their clients. The exposed data included names, dates of birth, National Insurance numbers, criminal records, and detailed financial information about legal aid applicants. The Legal Aid Agency provides public funding for legal representation in England and Wales; the breach affected sensitive client records spanning many years of applications. The attacker gained access through the agency’s online portal and exfiltrated a substantial volume of personal and financial data. The UK’s National Cyber Security Centre (NCSC) assisted with incident response.