Ministry of Justice admits to multiple data breaches

Ministry of Justice branded “a joke” after disclosing multiple data breaches, including two ransomware attacks in annual report

Posted 10 January 2022 by Christine Horton

The Ministry of Justice (MoJ) has admitted to 16 incidents of data breaches over the last two years.

In total, between April 2020 and March 2021, 16 significant personal data incidents, impacting approximately 5,476 people, were reported to the Information Commissioner’s Office.

This includes falling victim to two ransomware attacks.

The information was published in the Ministry of Justice’s Annual Report and Accounts and has been analysed by niche litigation practice Griffin Law.

The first ransomware case was targeted against the London Borough of Hackney in October 2020, and the second was against Ubiqus, a data processor which provides court recordings and transcription services, in December 2020.

Both cases were reported to the Information Commissioner’s Office.

According to the report, the first attack perpetrated against the London Borough of Hackney potentially compromised personal data which affected an “unknown” number of people. The incident was reported to the ICO on October 29, and their response is still pending.

The second attack against Ubiqus also impacted personal data of an “unknown” quantity of people. The ICO closed their investigation in this case and no further action was taken.

Court system “a joke”

The largest data incident spanned seven months and potentially impacted over 5,200 individuals and 55 companies. This was due to an inaccurate change to ‘plea data’.

In another case, vaccination status data from up to 25 HMPPS staff were stolen from a third party occupational health provider staff member, following a vehicle break in. The data was eventually returned to HMPPS.

There were also a further 6,267 incidents during the time period which did not meet the threshold to be reported to the ICO. 

The discovery of the data breaches elicited a strongly-worded rebuke by Donal Blaney, founder of Griffin Law. He described The Ministry of Justice and Courts & Tribunals Service as “a joke”.

“For the rule of law to mean anything, courts have to be adequately funded, properly staffed and competently run. If the MoJ & HMCTS cannot get their own houses in order, what faith can we have as a society that our justice system is no being run in a similarly inept manner?”

 These discoveries come a month after the announcement of the UK government’s National Cyber Strategy 2022 which aims to build “a strong and resilient cyber landscape using prosperous digital infrastructure to aid against ransomware attacks.” The government has committed to spending £22 billion on research and development with technology taking a central role in national security.