Legal Aid ACT cyber incident

This information supports clients who may be impacted by the Legal Aid ACT cyber incident on 3 November 2022. 



About this cyber incident

On Thursday 3 November 2022, Legal Aid ACT was subject to a cyber incident. We moved quickly to protect our systems and engaged a specialist cyber security firm to investigate this incident.

Has Legal Aid ACT been contacted by the cybercriminal?

We have had correspondence with the group responsible for the cyber incident last week. We have confirmed form data samples they have provided that they do hold copies of our stolen data. We continue to work with the Australian Federal Police and ACT Policing on their investigation into this criminal matter.

What information is involved in the data breach?

On Sunday 6 November 2022, we confirmed client information was copied by the cybercriminals. Some of this information is personal information about private client matters related to the services provided by Legal Aid ACT.

Can the criminals steal more data?

Due to the quick actions taken by our IT teams, the criminals were prevented from accessing more information. We moved to a new cloud-based system that is completely separate to our old system. This means our teams continue delivering a full range of legal services to our community.

Has this been reported to the police?

This cyber incident is a criminal matter and has been reported to appropriate authorities. We are working closely with the Australian Office of the Information Commissioner, the Australian Cyber Security Centre, the Australian Federal Police and ACT Policing.

How can I keep up to date with the Legal Aid ACT cyber incident? 

We are updating our website regularly as we work to resolve this incident. Updates on the investigation are posted on the site when they are available.