Legal Aid Agency: Cyber-security Incident Debate
Full Debate: Read Full DebateDepartment: Ministry of Justice
Josh Babarinde
Main Page: Josh Babarinde (Liberal Democrat - Eastbourne)Department Debates - View all Josh Babarinde's debates with the Ministry of Justice
Legal Aid Agency: Cyber-security Incident
Josh Babarinde Excerpts(1 day, 19 hours ago)
Commons ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Madam Deputy Speaker (Judith Cummins)
I call the Liberal Democrat spokesperson.
Josh Babarinde (Eastbourne) (LD)
I thank the Minister for advance sight of her statement. Hundreds of thousands of people across the country, including many in my patch of Eastbourne, will be hugely concerned that their information is in the hands of deplorable criminals whose identities we do not know and whose further intentions are unclear, and who should face the full force of the law. The damage is especially profound, because the state’s inability to steward the public’s data undermines people’s trust in our justice system. More than that, given that legal aid applicants are the victims, the data breach risks disproportionately undermining the trust of some of the most vulnerable people in our society. The previous Government should hang their heads in shame for ignoring the Law Society’s 2023 calls to address those vulnerabilities when they had the chance.
This Government must urgently restore trust, and I have a few questions in pursuit of that. First, how will the Minister proactively communicate with all those affected about this breach to provide guidance and support? Secondly, will she consider launching a dedicated advice line, for example, for anyone who is worried about what it means for them? Thirdly, the Legal Aid Agency’s services were taken offline last Friday, as the Minister confirmed, so how will she ensure that that does not compromise people’s access to legal aid in the meantime? Finally, will the Government conduct a cyber-security review of all the systems they use across their remit to identify and address further vulnerabilities before they are exploited at the expense of our constituents?
Sarah Sackman
The hon. Gentleman is absolutely right that incidents such as this perpetrated by cyber-criminals represent an attack on our justice system and are corrosive of trust. He is also absolutely right that, in so doing, they are hitting some of the most vulnerable in our society. That angers me, frankly, and the response needs to be commensurate to the damage that they have done not just in stealing people’s private data, but to the wider system in undermining trust.
We are taking a proactive approach to communicating with people and with the sector. As soon as the risk and the exposure of the system to these hackers was identified, legal aid providers were updated on their exposure and told to take proactive security steps. That communication has been updated, and, as well as today’s public statement, we are in constant communication with those legal aid providers. They are really the most important point of contact, because they have a relationship of trust with their clients, and they will be invited to pass on the warnings and messages coming from the Government. Where we know of particular individuals whose data may have been exposed and who may be particularly vulnerable, we are communicating directly with them. I will take away the hon. Gentleman’s suggestion of an advice line, but for now what I have described will be the most important and effective way of disseminating the warnings and keeping people up to date as the situation evolves.
Turning to the wider security threat to Government and other vulnerabilities, before this attack we had indicated in any event that we would have a new national cyber strategy across Government by the end of the year. Obviously, we also intend to introduce the cyber-security and resilience Bill, which aims to improve and strengthen Government cyber-defences and Government responses to attacks just like this one. All of that is going to be important to improving the resilience not just of the Legal Aid Agency but of cyber-systems right across Government.