"The revelation was made in a report published by the Public Accounts Committee (PAC) today, which, alongside a thorough castigation of the MoJ's handling of the unsafe HMP Dartmoor prison, highlights a list of failures and issues regarding the handling of the LAA cyberattack. Government officials told the PAC that the LAA's security shortcomings had been on its risk register since 2021. The agency's risk rating for a cyberattack was "extremely high," prompting a huge cash injection to address the various issues, split into £8.5 million, £10.5 million, and £32 million rounds."
"Both the MoJ and LAA acknowledged that the cyberattack, considered one of the most sensitive in British history, began in December 2024, but was not detected until April 2025. The Register asked the MoJ for answers regarding the four-month delay. The PAC's report notes that some of the £50 million earmarked for security improvements (part of the £10.5 million funding round) was spent on a new threat detection system that ultimately spotted the intrusion in April. However, the point at which it became operational is not clear."
The Ministry of Justice spent £50 million on cybersecurity improvements at the Legal Aid Agency before a high-profile cyberattack. The Public Accounts Committee identified multiple failures in the handling of the attack and in management of unsafe HMP Dartmoor. Government officials said the LAA's cyber risk had been on the register since 2021 and was rated "extremely high," triggering cash injections of £8.5 million, £10.5 million and £32 million. Both the MoJ and LAA acknowledged the breach began in December 2024 but was not detected until April 2025. Some of the £50 million funded a threat detection system that spotted the intrusion, but the system's operational date is unclear.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]