27
Accepted
MoJ acknowledges system vulnerabilities, but acceleration depends on Spending Review funding
Conclusion
We asked MoJ whether the public could have confidence that data stored across MoJ’s systems is safe, following the attack. MoJ stated that it has comprehensively reviewed all of its systems to understand where vulnerabilities lie. It stated that its review had given it a better understanding of where the risks in its systems are and explained that a transformation programme is now in place to update systems and make them less vulnerable. It acknowledged, however, that there are huge costs associated with improving systems and that addressing the risks identified will be dependent on its decisions on how to allocate its Spending Review settlement across the business. It gave the same response when we asked whether it planned to accelerate the transformation programme in light of the attack on LAA’s systems.[52]
[50] Q 71
[51] Qq 77, 88
[52] Qq 81-86, 89
Government Response Summary
The government agrees with the committee's recommendation and states the MoJ and LAA have already identified and shared lessons from the cyberattack through various routes, including internal committees, cross-government meetings, and the National Cyber Security Centre.
Government Response
Accepted
HM Government
Accepted
6. PAC conclusion: Despite lessons learned from the cyberattack on the LAA, funding to address weaknesses across MoJ systems is uncertain.
6a. PAC recommendation: In the Treasury Minute response, the Ministry of Justice and the Legal Aid Agency should set out:
• The lessons it has learned from the crisis and how and when it plans to share these lessons with other government departments.
6.1 The government agrees with the Committee’s recommendation.
Recommendation implemented: August 2025
6.2 The MoJ and LAA have already identified and shared lessons from the attack through several routes. Internally, across MoJ, this has taken place at: MoJ Audit and Risk Assurance Committee; within the MoJ Executive Committee and Senior Leadership Group; and with the HMCTS Executive Leadership Team. Lessons have also been shared with Permanent Secretaries as part of their weekly cross-government meetings, and to the cross-government data practitioners’ network.
6.3 In the months following the attack the department shared technical details with public sector security teams through the Government Cyber Coordination Centre (GC3) Impact Coordination Group, as well as writing to the HMG Chief Information Security Officer (CISO) network. The department has also taken experiences of the attack and developed a tabletop exercise that can be used by other departments to role play the scenario and test their thinking and business continuity systems against. This has been shared with the Government Cyber Unit for ongoing use.
6.4 The MoJ and LAA continue to work to identify lessons and to share these with stakeholders and are attending the National Cyber Security Centre (NCSC) CyberUK conference as a panel member in April 2026. Further sessions will be provided to assist any other department that requests it and the department has also offered to share learnings across the Operational Delivery Profession.
6.5 The Chief Executive of the Legal Aid Agency (LAA) set out the initial lessons learned at the Committee evidence session in October 2025, including the need for senior leaders to ensure that cyber-vulnerabilities are fully understood and business continuity plans cover a long period.
Source
Committee
Public Accounts Committee
Report
59th Report - Ministry of Justice follow-up: Autumn 2025
07 Jan 2026
HC 1240
Addressee Bodies
HM Treasury
Timeline
Recommendation age
0.4 yrs
Report published
07 Jan 2026