A "significant amount of personal data" of people who have applied to the Legal Aid Agency has been accessed and downloaded by hackers, according to the Ministry of Justice (MoJ).
The hackers claimed that they accessed 2.1 million pieces of data, however, the MoJ has not confirmed the figure.
The Government became wary of the issue over three and a half weeks ago on April 23, but realised on May 16 that it was more serious than initially thought.
A MoJ source said the "neglect and mismanagement" of the previous Government led to the vulnerabilities in the Legal Aid Agency (LAA) systems.
Hackers claimed they accessed 2.1million pieces of data
GETTYSponsored by the MoJ, the LAA is responsible for administering legal aid funding, which amounts to around £2.3billion.
Anyone who applied for legal aid since 2010 has had their data accessed, including contact details, addresses, their date of birth, criminal history and national insurance numbers.
The MoJ has urged individuals who applied for legal aid in the last 15 years to update any passwords that may have been exposed.
LAA chief executive Jane Harbottle has sincerely apologised and noted the news would be "shocking and upsetting".
She said: "Since the discovery of the attack, my team has been working around the clock with the National Cyber Security Centre to bolster the security of our systems so we can safely continue the vital work of the agency.
"However, it has become clear that, to safeguard the service and its users, we needed to take radical action. That is why we've taken the decision to take the online service down."
The MoJ is working with the National Crime Agency and the National Cyber Security Centre to investigate the breach.
The National Crime Agency explained it is working closely with the MoJ to "better understand the incident and support the department".
The MoJ is working with the National Crime Agency and the National Cyber Security Centre
PAThe news follows cyber attacks on Harrods, the Co-op, and Marks&Spencer, but there is no suggestion that the attacks are connected to the LAA.
M&S shoppers were urged to "stay vigilant" for scams and fraud after the popular retailer confirmed that some personal data had been stolen in a recent cyber attack.
Customers' credit cards and passwords were not stolen in the breach.
The supermarket confirmed that customer data that might have been accessed includes names, email addresses, postal addresses, and dates of birth.
