Exclusive Seven months after a landmark cyberattack, the UK’s Legal Aid Agency (LAA) says it’s returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious systems.

According to sources speaking to The Register, the LAA’s Client and Cost Management System (CCMS) – used by lawyers to claim payments from the government for civil legal aid work – has been “a nightmare to use” since coming back online.

The system was reinstated on December 1, at which point the LAA claimed it was starting to return to pre-cyberattack service levels. However, those tasked with using its tech face frustration as they are booted out of sessions at random.

Legal eagles and their administrative assistants now access CCMS using an AWS Secure Browser – a new process implemented in the wake of the cyberattack. But the LAA warned that during the first week of operation, there would be concurrency controls on that browser.

“This may result in messages about limited stream capacity when logging in,” legal workers were warned, although those who use the system told The Register that these concurrency controls are also leading to sessions ending abruptly.

Privately, the LAA later took down the service temporarily and told users to avoid attempting to log in.

Sources close to the matter told The Register that these availability hiccups stemmed from the LAA gradually increasing the number of users who could use CCMS concurrently.

One of the major issues with the random timeouts is the resulting lost work. Insiders said they are now battling with much more labor-intensive digital processes, many of which are due to more stringent security measures.

Workers are facing difficulties with uploading and downloading key documents. Because these must now always go through AWS – another new security-related measure that’s separate from the browser – if their session ends unexpectedly, documents that were pre-downloaded are then lost, meaning they have to rebuild those workflows when logged back in.

“If you are not computer savvy, you will have a nightmare working the system,” one legal worker said. “The explanation info provided is very round the houses and not easy to understand.”

As of December 8, these concurrency limits are reportedly no longer affecting user sessions, although workers continue to experience increased friction elsewhere in their new ways of working.

A new multifactor authentication (MFA) portal is now in place, and the number of hoops workers have to jump through means logging in to CCMS can take up to six minutes in some cases.

Sign in to Legal Aid Services (SILAS) replaces the basic email-and-password combo used for CCMS authentication. While it was introduced to beef up the security of the agency’s digital infrastructure, those familiar with the process said it can, in some cases, involve requesting more than one code from Microsoft Authenticator to access a service, forcing workers to switch between multiple authentication panels.

Fresh restrictions on file management are another source of pain for workers trying to claim reimbursement for legal aid work. 

Administrative staff report difficulties with smaller file size limits, meaning larger documents that would traditionally be uploaded in one go now sometimes have to be broken down into multiple, smaller files.

File names can only include alphanumeric characters, hyphens, and underscores – no spaces – and the transfer process involves uploading to AWS, then moving to temporary holding files, before moving to CCMS.

All of these are laborious processes, which, while small in isolation, are cumulatively adding to a growing pool of frustrations.

An LAA spokesperson said: “We acted quickly to restore access to legal aid services, which have now returned to full capacity. We have introduced a new sign-in service and strengthened the security of our case-management systems to protect users’ data and ensure services remain safe and reliable.”

“We continue to monitor system performance closely and have increased our technical capacity to support the higher volumes we are seeing as providers come back online. Where individual users experience difficulties, our customer support team is on hand to assist.”

The May 2025 cyberattack on the LAA is thought to be one of the most sensitive in UK history, exposing details related to legal procedures dating back to 2010.

Journalists were prevented from reporting many of the details about the attack because the UK government secured an injunction preventing the sharing of the data involved.

It is not clear what the stolen data includes, but it likely relates to legal aid workers and those they defended in court.

The Ministry of Justice said that a “significant amount of personal data” related to legal aid applicants was implicated.

As we reported at the time, nearly 389,000 legal aid claims were made between April 2023 and March 2024, 96 percent of which were granted. ®