Asked by: Nick Timothy (Conservative - West Suffolk)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, if he will make an estimate of the costs incurred by Department as a result of the Legal Aid Agency data breach on 23 April 2025.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
This data breach was the result of serious criminal activity but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative Government. Upon taking office, I was shocked to see how fragile our legal aid systems were. The previous Government knew about the vulnerabilities of the Legal Aid Agency digital systems, but failed to invest. By contrast, since taking office, this Government has prioritised work to rebuild the LAA digital systems. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services as we build back better in response to this attack. We are now in a position where all providers have online access to our civil legal aid services currently available via SiLAS, alongside our criminal legal aid services, which were restored in September.
This is an evolving situation but to date the total operational and digital costs of the incident are forecast to be £22 million for this financial year.
All providers have been able to access payment for work carried out whilst systems have been offline.
For some types of legal aid this meant adjusting the way in which providers submitted their claim for payment to the LAA. From 19 May, providers have been able to claim their usual payments for Legal Help, Crime Lower & Mediation work via a contingency process. Due to previous investment, the criminal legal aid systems were more modern, and internal access was restored more quickly. This enabled the LAA to resume paying Crown Court bills from early June.
It was necessary to agree a payment contingency for Civil Representation work with HM Treasury. This led to the implementation of the Average Payment Scheme on 27 May. The Average Payment Scheme enables providers to opt in to receive a temporary average payment for Civil Representation work that would otherwise be due, or where the value of their outstanding work varies from this, to apply for a specific payment to meet the cost of that work. Payments are made on a weekly basis. The weekly average payment is based on previous payments made to that provider over the 3 month period preceding the cyber incident. Some providers have not opted in to receive payment in this way and wait for the restoration of the systems, but payments are there should they need it. We are unable to quantify the number of legal aid providers who have not opted in to receive an average payment in each of the weeks it has been available.
Providers are obligated to act in the best interests of their clients both by their own SRA regulatory requirements and by their LAA Contracts. In circumstances where a legal aid provider is unable to continue providing representation in an ongoing case, for whatever reason, they have a professional and contractual obligation toward their client to assist them in finding alternative representation.
We have not seen any evidence of legal aid providers leaving the market directly as a result of the cyber-attack. Since April 2023 there has been a net increase in the number of providers contracted to deliver legal aid services.
Asked by: Nick Timothy (Conservative - West Suffolk)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, how many (a) barristers, and (b) solicitors have not been paid by the Legal Aid Agency since the data breach of 23 April 2025.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
This data breach was the result of serious criminal activity but it was enabled by the fragility of the LAA’s IT systems as a result of the long years of neglect and mismanagement of the justice system under the last Conservative Government. Upon taking office, I was shocked to see how fragile our legal aid systems were. The previous Government knew about the vulnerabilities of the Legal Aid Agency digital systems, but failed to invest. By contrast, since taking office, this Government has prioritised work to rebuild the LAA digital systems. That includes the allocation of over £20 million in extra funding this year to stabilise and transform the Legal Aid Agency digital services as we build back better in response to this attack. We are now in a position where all providers have online access to our civil legal aid services currently available via SiLAS, alongside our criminal legal aid services, which were restored in September.
This is an evolving situation but to date the total operational and digital costs of the incident are forecast to be £22 million for this financial year.
All providers have been able to access payment for work carried out whilst systems have been offline.
For some types of legal aid this meant adjusting the way in which providers submitted their claim for payment to the LAA. From 19 May, providers have been able to claim their usual payments for Legal Help, Crime Lower & Mediation work via a contingency process. Due to previous investment, the criminal legal aid systems were more modern, and internal access was restored more quickly. This enabled the LAA to resume paying Crown Court bills from early June.
It was necessary to agree a payment contingency for Civil Representation work with HM Treasury. This led to the implementation of the Average Payment Scheme on 27 May. The Average Payment Scheme enables providers to opt in to receive a temporary average payment for Civil Representation work that would otherwise be due, or where the value of their outstanding work varies from this, to apply for a specific payment to meet the cost of that work. Payments are made on a weekly basis. The weekly average payment is based on previous payments made to that provider over the 3 month period preceding the cyber incident. Some providers have not opted in to receive payment in this way and wait for the restoration of the systems, but payments are there should they need it. We are unable to quantify the number of legal aid providers who have not opted in to receive an average payment in each of the weeks it has been available.
Providers are obligated to act in the best interests of their clients both by their own SRA regulatory requirements and by their LAA Contracts. In circumstances where a legal aid provider is unable to continue providing representation in an ongoing case, for whatever reason, they have a professional and contractual obligation toward their client to assist them in finding alternative representation.
We have not seen any evidence of legal aid providers leaving the market directly as a result of the cyber-attack. Since April 2023 there has been a net increase in the number of providers contracted to deliver legal aid services.
Asked by: Iain Duncan Smith (Conservative - Chingford and Woodford Green)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, with reference to her Department's joint press release entitled UK and US take joint action to disrupt major online fraud network, published on 14 October 2025, what steps she is taking to support international efforts to monitor conditions in Cambodian scam centres and assist victims of torture and other abuses.
Answered by Seema Malhotra - Parliamentary Under-Secretary (Foreign, Commonwealth and Development Office)
I refer the Rt Hon Member to the answer he was given on 3 November in response to Questions 85061-64, and I would add that we are closely monitoring reports of torture, human trafficking and other abuses in Myanmar-based scam centres, working with partners and international organisations to gather evidence of the scale of the problem, and strengthening law enforcement capacity to detect, investigate, and disrupt online trafficking recruitment and illicit financial flows linked to cyber-enabled fraud. All evidence is kept under review, and further action will be taken when needed.
Asked by: Iain Duncan Smith (Conservative - Chingford and Woodford Green)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, what steps she is taking to monitor and prevent the rerouting of assets, including gold reserves, from Cambodia to other jurisdictions following recent sanctions; and whether she is working with international partners to disrupt money laundering linked to cybercrime networks in Cambodia.
Answered by Seema Malhotra - Parliamentary Under-Secretary (Foreign, Commonwealth and Development Office)
I refer the Rt Hon Member to the answer he was given on 3 November in response to Questions 85061-64, and I would add that we are closely monitoring reports of torture, human trafficking and other abuses in Myanmar-based scam centres, working with partners and international organisations to gather evidence of the scale of the problem, and strengthening law enforcement capacity to detect, investigate, and disrupt online trafficking recruitment and illicit financial flows linked to cyber-enabled fraud. All evidence is kept under review, and further action will be taken when needed.
Asked by: Iain Duncan Smith (Conservative - Chingford and Woodford Green)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, whether her Department plans to take further steps beyond recent sanctions to address human rights abuses linked to Cambodian scam centres, including efforts to secure the release of individuals held in conditions amounting to torture.
Answered by Seema Malhotra - Parliamentary Under-Secretary (Foreign, Commonwealth and Development Office)
I refer the Rt Hon Member to the answer he was given on 3 November in response to Questions 85061-64, and I would add that we are closely monitoring reports of torture, human trafficking and other abuses in Myanmar-based scam centres, working with partners and international organisations to gather evidence of the scale of the problem, and strengthening law enforcement capacity to detect, investigate, and disrupt online trafficking recruitment and illicit financial flows linked to cyber-enabled fraud. All evidence is kept under review, and further action will be taken when needed.
Asked by: Iain Duncan Smith (Conservative - Chingford and Woodford Green)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, what assessment his Department has made of reports of torture and other serious human rights abuses in scam centres operating in Cambodia; and what steps his Department is taking to press for accountability and the protection of victims.
Answered by Seema Malhotra - Parliamentary Under-Secretary (Foreign, Commonwealth and Development Office)
I refer the Rt Hon Member to the answer he was given on 3 November in response to Questions 85061-64, and I would add that we are closely monitoring reports of torture, human trafficking and other abuses in Myanmar-based scam centres, working with partners and international organisations to gather evidence of the scale of the problem, and strengthening law enforcement capacity to detect, investigate, and disrupt online trafficking recruitment and illicit financial flows linked to cyber-enabled fraud. All evidence is kept under review, and further action will be taken when needed.
Asked by: Lord Bailey of Paddington (Conservative - Life peer)
Question to the Ministry of Housing, Communities and Local Government:
To ask His Majesty's Government what discussions they have had with the relevant councils following the cyber attacks on Westminster Council, Hammersmith and Fulham Council and the Royal Borough of Kensington and Chelsea Council, including in relation to the people or organisations behind the attacks.
Answered by Baroness Taylor of Stevenage - Baroness in Waiting (HM Household) (Whip)
The Ministry of Housing, Communities and Local Government, the National Cyber Security Centre and law enforcement have been working closely with the impacted councils, to understand the risk to their services and to wider government, and to support effective remediation and restoration of services for the public. Councils have been working diligently with specialist support to validate the security of their networks and bring essential services back online. We are aware that some council data may have been stolen by criminal actors. The impacted councils, government and law enforcement are thoroughly investigating the accuracy and potential impact of any data loss. There is an ongoing law enforcement investigation which the councils and MHCLG are fully supporting.
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer)
Question to the Home Office:
To ask His Majesty's Government what consideration they are giving to exemptions to the proposed ban on ransomware payments for operators of critical national infrastructure.
Answered by Lord Hanson of Flint - Minister of State (Home Office)
Protecting the UK from cyber threats is a top priority for this Government. Ransomware measures are being considered as part of a wider all-of-Government approach to reduce cyber threats, alongside the Cyber Security and Resilience Bill by DSIT.
It is long-standing Government advice, and that of the National Cyber Security Centre, to not pay ransoms as there is no guarantee of a return to business-as-usual provision. .
We have consulted on this, and as published in the Government response to ransomware legislative proposals: reducing payments to cyber criminals and increasing incident reporting (accessible) - GOV.UK, there was split feedback regarding whether a targeted ban should have an exceptions(/exemptions) process. 43% of respondents agreed, 40% disagreed, 17% didn’t know. Qualitative responses cited national security and public safety as reasons for the need.
As with all feedback provided in the consultation response, the Government is considering the most appropriate and proportionate course of action and developing the policy in collaboration with industry and the relevant Government departments. No final decision has yet been made, and the Government is looking very carefully at all options.
Asked by: Nick Timothy (Conservative - West Suffolk)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what progress his Department has made in assisting law enforcement agencies responding to the Legal Aid Agency data breach on 23 April 2025.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
Since the serious criminal attack on the Legal Aid Agency’s digital portal was identified, we have worked closely with the National Crime Agency (NCA) and the police. As sensitive investigations remain ongoing, it would not be appropriate to comment on the nature or detail of this engagement.
We take the security of people’s personal data extremely seriously. An injunction has been put in place to prohibit sharing of this data. Anyone who does so could be sent to prison. We are continuing to work with the NCA to monitor the dark web. As far as we are aware, no data has been shared or put out in the public domain. If it is identified that a specific individual is at risk, action will be taken to try to contact them.
Asked by: Nick Timothy (Conservative - West Suffolk)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what representations has he received from (a) barristers, (b) solicitors, and (c) legal aid providers regarding the Legal Aid Agency data breach on 23 April 2025.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
We acknowledge and appreciate the constructive way that providers have worked with us following the serious criminal attack on the Legal Aid Agency’s (LAA) digital systems. They have continued to do vital work in challenging circumstances.
The LAA and Ministers have proactively engaged with representative bodies throughout to address any concerns regarding the criminal attack on LAA systems. Our focus was first to maintain access to justice and then to ensure providers had access to the cash flow that they needed. The LAA sought views and feedback from provider representative bodies to help shape contingency measures and supporting guidance in a way which supports legal aid providers most effectively. Regular updates have been provided to legal aid providers via email and published on the LAA’s dedicated cyber incident webpage and FAQ page.
The Department has worked around the clock to ensure that digital services were restored as swiftly and safely as possible. The LAA Portal has been replaced by a new, secure single sign-in tool for LAA online services (SiLAS). We worked closely with providers to test functionality before bringing providers back onto our systems in a careful, phased approach. We are now in a position where all our civil systems accessible via SiLAS are operational alongside our crime systems, which were restored in September.