Back to Legal Aid Agency Data Breach

About the breach

What happened and when?

In May 2025, the UK’s Legal Aid Agency (part of the Ministry of Justice) confirmed it suffered a major cyber-attack that resulted millions of peoples’ data being breached. Sensitive personal data from legal aid applicants was accessed and as investigations progressed, the LAA confirmed the breach was more extensive than they initially thought, going back as far as 2007.

Was my data definitely involved?

We are not able to confirm for certain at this stage if your data was breached. You may be affected if you applied for legal aid in the past, including many years ago. If we’ve contacted you, it’s because your details suggest you could be affected. We’ll help you check this as part of the sign-up process.

What types of information may have been exposed?

According to the official statement made by the Ministry of Justice, this data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments. In some instances, information about the partners of legal aid applicants may be included in the compromised data.

Does this include information about my partner or family members?

Potentially. Some records contain details of spouses/partners or other linked individuals provided during the legal aid application. If you believe your legal aid application included details of your loved ones, they may also be able to join the litigation order.

Why are you only telling me this now?

The LAA confirmed the breach in stages. As the investigation progressed, more detail came to light about how far back the affected data goes and what was involved. We’re contacting you now because the picture is clearer, and we may be able to take action on your behalf.

Was Broudie Jackson Canter hacked?

No. This breach occurred on the Legal Aid Agency’s systems, not ours. Our systems remain secure.

Will this affect my current or past legal cases?

Your case outcomes are not changed by the breach. However, we recognise the sensitivity of the information and the worry this can cause. If you have specific concerns (e.g., safety, confidentiality), please contact us, we’ll happily discuss the steps we take to protect your privacy. 

Staying safe & next steps

What should I do right now to protect myself from fraud or scams?

  • Be alert to unexpected calls, texts or emails asking for personal or financial details.
  • Don’t share one-time passcodes or bank details.
  • Consider checking your credit file and setting up alerts.
  • Report suspicious messages to your mobile provider by forwarding texts to 7726 (free) and report fraud attempts to Action Fraud (England & Wales).

I’ve had a suspicious call/text/email ‘about the breach’. What should I do?

You may have received an SMS text message from us regarding the data breach. This text message will have included your name and the case reference number link to your previous or ongoing case with us. It will also include our phone number (0151 808 5059) and authentic website URL (www.broudiejacksoncanter.co.uk/LAAdatabreach). If the text you received did not include this information, it is not from us, and you should end the contact. If you are unsure, you can independently verify by calling us on our main number or by typing our website address directly into your browser (not via a link). We’ll confirm whether we contacted you.

Will the government offer practical support (e.g., credit monitoring)?

This may change as the investigation develops. If support is announced, we will update this page and notify clients who’ve registered with us.

I’m a domestic abuse survivor/at heightened risk, can you add extra protections?

Yes. Tell us if you need a safe contact method (for example, a different email/phone, use of passwords, or “no voicemail” instructions). We will prioritise safeguarding.

I think I’ve already suffered loss (e.g., fraud). What do I do?

Contact your bank immediately, report to Action Fraud, and let us know. Keep evidence (screenshots, bank letters, reference numbers). This may be relevant to your claim.

Verifying this is genuine

How can I be sure a message is really from Broudie Jackson Canter?

  • We will never ask for bank details, passwords, or one-time codes by text or email.
  • You can verify any message by calling our main number on our website, or by typing broudiejacksoncanter.co.uk directly into your browser (don’t use search or unknown links).
  • If in doubt, contact us through a known channel first.

Why did you text me instead of email?

We text clients where we don’t hold a current email address. If you prefer, call us to continue by phone or post only.

About the legal claim (Group Litigation Order, “GLO”)

What is a Group Litigation Order?

A GLO allows many people with similar claims to proceed together in the High Court. It can be a more efficient way to establish responsibility and seek compensation.

Who can join this claim?

Anyone whose personal data was involved in the LAA breach may be eligible, including applicants dating back many years. If you received our message, it’s because your details suggest you may qualify.

Do I have to prove specific harm to take part?

We’re seeking compensation for the loss of control of personal data and related distress. If you have suffered additional harm (e.g., identity fraud), please tell us as that information can strengthen your claim, but it’s not the only route to compensation.

Can family members whose details were included also claim?

Potentially, yes. If a partner/family member’s data was processed as part of your application, they may also have a claim. Please ask them to register separately.

Can I join if I now live outside the UK?

Usually yes, if your data was processed by the LAA. We’ll confirm eligibility during sign-up.

Can I bring my own claim instead of joining the group?

You can, however it is much more difficult to secure compensation on an individual basis. We’ll happily explain your options when you enquire so you can choose what’s best for you.

Will I have to go to court or provide a statement?

Most clients won’t need to attend court. We’ll guide you if evidence is required, keeping the process as light-touch as possible.

Eligibility & evidence

What information will you need from me?

Basic identity details, when you applied for legal aid (if known), and safe contact information. If you have letters/emails about a legal aid application, keep them. Don’t worry if you don’t have records as we will help check.

Can I claim on behalf of a child or a loved one who lacks capacity?

Yes. Parents, guardians or those with appropriate legal authority can register on their behalf. This is often referred to as a ‘litigation friend’. We’ll explain what authorisation we need.

What if the person has died, can an estate claim?

Please contact us. In some circumstances, a claim may still be possible via the estate or next of kin.

Timing & process

How do I sign up?

Signing up is easy and only takes a few minutes. The fastest way to sign up is to fill in this questionnaire here: 

Instruct free legal representation

Alternatively, you can call us on 0151 808 5059 and one of our friendly advisors will sign you up over the phone.

What happens after I register?

Once you have registered with us online, we'll confirm we've received your interest and a member of our team will contact you to discuss the case. The next step would then be to send over a Client Care letter and our Terms of Business for you to sign electronically. Once signed, we'll confirm in writing we've received those, will provide you details of your named contact for any queries, and will then keep you updated at key stages of the process.

How long will this take?

Group litigation can take time. We’ll push for progress and keep you informed, but we can’t promise outcomes or timings.

How will you keep me updated?

Email where possible, or SMS/post if preferred. Please tell us your safe contact method when you enquire.

Can I withdraw later?

Yes, please tell us in writing if you wish to withdraw and we’ll explain any implications at that stage.

Compensation

What compensation are you seeking?

We’re seeking compensation for the misuse/loss of control of personal data and the distress this causes. Where there’s evidence of additional loss (e.g., fraud), we’ll include that.

Will everyone get the same amount?

Not necessarily. Awards can vary based on what data was involved and the impact.

Does paying for credit monitoring affect compensation?

No. Sensible protective steps won’t usually reduce what you’re entitled to claim.

Costs & funding (No Win, No Fee)

What does “No Win, No Fee” mean?

You won’t pay us if the claim is unsuccessful. If we win, a pre-agreed success fee and any insurance premium may be deducted from damages. We’ll set this out clearly before you sign. We prioritise transparency, so there will be no nasty hidden additional fees or costs to pay.

Do I pay anything up front?

No, as we are acting exclusively on a no win, no fee basis, you will not be required to pay anything up front.

Could I ever owe money if the claim loses?

Our aim is to protect you from adverse costs exposure. We typically arrange After-the-Event (ATE) insurance and manage risks as a group. We’ll explain how this works before you join.

Privacy & data handling (with us)

What data will you collect from me and why?

Only what we need to run your claim (identity, contact details, relevant history). We’ll explain this in our privacy notice and client care documents.

How will you keep my information secure?

We use secure systems, strict access controls, and trained staff. 

Will you share my data with anyone else?

Only where necessary for your claim (e.g., counsel, experts, the court) and under confidentiality obligations.

Can I see or delete the information you hold about me?

Please see our privacy notice for your rights and how to exercise them.

Will taking part put more of my data at risk?

No. Please see our privacy notice to understand how we look after your data. We only use what’s necessary. 

Special situations

I’m already represented by another firm, can I still speak to you?

Yes, but tell us if you’ve signed anything with another firm about this breach, so we can advise properly.

I’ve moved or changed my name, does that matter?

No problem. Give us your current details and any previous names/addresses to help locate records.

I was under 18 when I applied for legal aid, am I eligible?

Potentially, yes. We’ll advise case-by-case.

I was a legal aid provider (lawyer/firm) whose business data was exposed, do I have a claim too?

Possibly. Please contact us to discuss your circumstances.

Is there a deadline to join?

Time limits apply in data claims. To protect your position, register your interest here as soon as possible.

My case involved particularly sensitive issues, what extra steps can you take?

We can use enhanced confidentiality measures (restricted access, code words, alternative contact methods). Please tell us your concerns and any additional support you require when you register with us.

Support & feedback

I’m anxious about sharing more information, can I speak to someone first?

This is absolutely understandable. Data breaches naturally make us question the security of our personal information. If you are anxious about sharing more data, call us on 0151 808 5059 and we’ll talk you through our safety measures before you decide.

Do you offer language support or reasonable adjustments?

Yes. Let us know what you need and we’ll arrange interpreters, accessible formats, or other adjustments.

How can I make a complaint or give feedback?

Our complaints process is on our website here or ask any member of the team to send it to you.

How to get started

The first step to joining our Group Litigation Order is to make a quick enquiry using this expression of interest form. This form is completely secure and only the information you share will go direct to the legal team working on this case. They will then be in touch. 

For more information you can visit our website here to understand a little more about the Legal Aid Agency data breach, its impact, and what action we intend to take.

Important: We will never ask for bank details, passwords, or one-time passcodes by text or email. If in doubt, call our main number or type our web address directly into your browser to verify any message.