The body responsible for running courts in England and Wales has been accused of a cover-up after a leaked report revealed it took several years to respond to a virus that caused evidence to go missing, be overwritten, or simply not appear.
According to HM Courts & Tribunals Service (HMCTS), judges in civil, family, and tribunal courts will have made decisions on cases where the evidence was incomplete. The internal report states that HMCTS did not conduct a thorough investigation, meaning it did not know the full extent of the data manipulation, including whether or how it had affected cases. Judges and lawyers were also unaware, and the leadership at HMCTS decided it would "be more likely to cause more harm than good" to inform them.
HMCTS maintains there is no evidence that "any case outcomes were affected" as a result of these technical issues. However, Sir James Munby, the former head of the High Court's family division, told the BBC that the situation was "shocking" and "a scandal."
The bug was found in case-management software used by HMCTS, the Ministry of Justice (MoJ) department that manages many courts in England and Wales, as well as tribunals across the UK. The application, also known as Judicial Case Manager, MyHMCTS, or CCD, is used to gather evidence and track cases before the courts. It is used by judges, lawyers, caseworkers, and members of the public. Documents seen by the BBC show that it caused data to be obscured, meaning medical records, contact details, and other facts were sometimes unavailable in case files used in court. The Social Security and Child Support (SSCS) Tribunal, which handles benefit cases, is thought to have been the most affected. BBC reports also indicate that bugs have affected case management applications used by other courts, including those dealing with family, divorce, education, civil rights, and probate. Sir James Munby told the BBC, "These hearings often determine people's lives. An error could mean the difference between a child being rescued from an unsafe environment and a vulnerable individual missing out on benefits."
'Culture of cover-ups'
The BBC has interviewed several sources within HMCTS who have likened the situation to the Horizon Post Office scandal, where executives attempted to hide evidence of the system's flaws. One source claims there was "general fear" over the software's configuration, which they say "was not developed properly or robustly" and had a long history of data loss. Despite repeated warnings from the department's IT workers, one claims that senior management was reluctant to "acknowledge or face the facts" of the situation. According to one of the sources, "There is a culture of cover-ups. They are not worried about the danger to the public, but they are concerned about people finding out about the risk to the community. It's terrifying to witness." When asked, the MoJ told us that many companies had been involved in the design and production of the app but that no one had a list of them.
'Totally insufficient'
The BBC has obtained MoJ documents (through Freedom of Information requests) and emails in which the SSCS issue was addressed. According to a briefing prepared by HMCTS chief executive Paul Ryan, the danger to proceedings was initially classified as "high," with the possibility of court outcomes being adversely affected being "very likely," which would result in "severe reputational harm to HMCTS."
Nevertheless, HMCTS's initial manual probe only looked at a subset of the most recent three months' worth of claims heard by the SSCS Tribunal, even though the virus was believed to have been present in the system for many years. Out of 609 cases with potential problems, only 109 (17%) were selected for further investigation. Among those, just one was said to have had a "potentially significant effect." According to the briefing, the proposed standard court procedure would ensure that employees would detect any anomalies and manually correct them. It was then decided that the threat to all patients was low and that "no further checks" were required. HMCTS representatives claim that a snapshot of three months' worth of data was "completely ineffective" given the nature of the issue. Professor Alan Woodward, a leading IT security specialist who has worked for the UK government and consults on topics including forensic computing, shared their worries. According to him, "HMCTS] undertook their probe into a limited number of cases. To say that they had no effect on these tragedies doesn't make sense to me."
Leaked report
According to documents, an HMCTS employee was so concerned that they filed a formal whistleblower complaint, which prompted a new internal probe. This was led by a senior IT professional from the Prison Service and resulted in a long paper that was released internally in November 2024. This is the report that has now been leaked to the BBC. It was designed to "establish the truth" on data theft and data manipulation issues affecting the Social Security and Child Support Tribunal.
Investigators interviewed 15 witnesses, including software engineers and developers, and reviewed internal documents such as incident logs and diary entries. It discovered "large" data leaks that should have been addressed "as soon as they were discovered." According to the study, despite several warnings from senior technical staff from 2019, HMCTS had taken several years to react. Investigators found that the full extent of data manipulation was still unknown, even though case outcomes had been changed because HMCTS had not launched an extensive probe. The study also claims that data breach cases against the IT system used by the civil, family, and tribunal courts are still occurring. Many of the questions raised in the leaked report were similar to those raised by those speaking to the BBC. According to HMCTS representatives, missing evidence may have gone unnoticed. One of them told the BBC, "This is a worrying possibility" and "that data gets lost, no one knows," one says, and there is "a miscarriage of justice. I think this has to be the biggest worry."
'Missing documents'
According to reports, a specific IT defect caused thousands of documents to go missing in the family courts. In one instance, it is alleged that a fault led to more than 4,000 documents going missing from hundreds of public family law cases, including child protection cases. The BBC reports that this bug was discovered in 2023 and has been present for some years. We've been told that it has since been fixed, but that no probe was launched to determine the effect on case results. We asked the MoJ if any emergency child protection cases had been affected. It did not respond to this question.
An HMCTS representative told the BBC in a tweet that "parties and judges in these cases had always had access to the information they needed." Because it was "important" to bring courts and tribunals into the modern era, it promised to "press forward" with digitisation.
Is there information about this story that you want to share? Get in touch with Alys by email at [contact redacted] or on the Signal messaging app, which is an end-to-end encrypted messenger service meant to shield your personal information. SecureDrop is also a fast and secure way to contact the BBC that uses the Tor network.
