5. Legal Aid Agency
When: April
What happened?
The government initially became aware of a cyber-attack on the Legal Aid Agency’s online digital services on 23 April.
But on 16 May, it discovered the attack “was much more extensive than originally understood” and that the group behind it had accessed “a large amount of information relating to legal aid applicants”.
Who nominated it, and why?
Three of our 12 panellists ranked this cyber-attack among the year’s most significant in the form of Chorus MD Nicola Saner, Cyberfort CEO Glen Williams and CyXcel Co-founder and COO Jano Bermudes.
“Investigations by the NCSC and NCA are ongoing, raising serious concerns about data privacy,” Williams said of his reasoning.
“Still early days for this one, but it’s eye catching due to the impact on the legal system in general, the scale of data stolen and the amount of time this may take to resolve,” Saner said when asked to justify her decision.
Channel takeaway:
While investigations are ongoing, Saner claimed the cybersecurity industry can already glean some potential lessons from the cyber-attack.
“The implication for cybersecurity (again maybe not fully understood yet) seems to be a timely reminder about the risks of old and unpatched systems, a lesson well understood but again one which many organisations (especially in challenging financial times) struggle to deal with,” she said.
Four cyber-attacks were considered more significant by our leadership panel. See next page for more…
