The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach.

This confirmation of the data breach incident comes from the UK government, which was closely involved in the investigations that followed the initial disclosure.

LAA is an executive agency of the UK Ministry of Justice responsible for administering legal aid in the form of advice, representation, and justice to those who can't afford to pay for it themselves.

Eligibility for legal aid depends on the recipient's income and assets as well as the merits of the case, related to family law, housing, debt, immigration, mental health, and criminal law.

Earlier this month, the agency disclosed it suffered a security incident where limited financial information may have been exposed.

An update published in a UK government portal paints a more dire picture of the situation, informing that large amounts of data, dating from 2010 and onward, may have been compromised.

"On Friday 16 May, we discovered the attack was more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants," reads the announcement.

"We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010."

The data that may have been exposed includes applicants

• Contact details
• Dates of birth
• National ID numbers
• Criminal history
• Employment status
• Contribution amounts, debts, and payments

The UK government advises all applicants to stay vigilant for potential scam attempts targeting them. It recommends verifying all communications before any sensitive information is shared with the other party.

Jane Harbottle, Chief Executive Officer of the Legal Aid Agency, apologized for the situation, stating that she is "extremely sorry this has happened," and promising to provide more updates soon.

Meanwhile, all LAA systems have been secured with the help of the National Cyber Security Centre (NCSC), and the online application service has been taken offline temporarily.

The incident came at a time when UK retailers like the Co-op, Harrods, and Marks & Spencer (M&S), dealt with catastrophic attacks believed to have been carried out by threat actors associated with Scattered Spider, who attempted to deploy DragonForce ransomware on compromised networks.

It is unclear if the LAA incident is linked to those attacks, which, according to Google security researchers, have now moved to targeting the U.S.