In an update to the LAA notice on the leak, the Ministry of Justice announced ‘further investigations have shown that some data going back to 2007 may have been accessed as well as information linked to the partners of applicants. Previously we stated the data went back to 2010’.
The cyberattack was discovered on 23 April, and initially thought to affect providers. On 16 May, it was also found to have exposed clients’ personal and financial details.
An injunction is in place against sharing any of the data.