UK Criminal Records Office Crippled by "Cyber Incident"

The UK Criminal Records Office (ACRO) has been battling a “cyber incident” for two months, creating backlogs for visa applicants and potentially exposing customer information to compromise, according to reports.

The national policing unit checks the police records of UK citizens who want to work or live abroad.

However, it has been struggling to recover from a cyber event since January 17, according to the Evening Standard. An email sent to customers impacted by the operational issue reportedly claimed that their data may have been exposed.

This could mean that highly sensitive data, including “identification information and any criminal conviction data,” is in the hands of would-be extortionists.

Various tweets from ACRO since January hint at problems for the unit. On February 9 it blamed a ‘technical issue’ for a website outage, and a fortnight later claimed that police certificates were taking longer to process due to ‘heavy demand.’

By March 21, ACRO had returned to blaming ‘essential website maintenance’ for the website outage. A note on the official site asks customers for patience as it “works through our technical issues” and requests applicants send an email to the office.

“We are aware of a cybersecurity incident affecting the ACRO Criminal Records Office website and are working with national agencies to fully investigate. We take data security very seriously, and as soon as we were made aware of this incident we took the customer portal offline,” a spokesperson told the Evening Standard.

“At this time we have no conclusive evidence that personal data has been affected by the cybersecurity incident.”

The incident has reportedly already caused significant backlogs in the processing of essential police certificates, without which applicants are unable to obtain work or residence visas for many foreign countries.

Jake Moore, global security advisor at ESET, claimed ransomware was the most likely cause of the incident, although he added that the primary goal of the threat actors may have been solely data theft.

“Quality ransomware is often very difficult to produce and therefore, over the past few years, threat actors have turned their attention to compromising some or any of the data,” he added.

Trevor Dearing, director of critical infrastructure solutions at Illumio, argued that organizations should be able to withstand breaches with minimum impact to operations.

“ACRO has not disclosed the nature of the cyber incident. However, once a breach occurs in a network it can quickly spread across systems before it is detected,” he said.

“The challenge is detecting such an attack at this point is often too late, which is why it’s critical that organizations shift their focus to breach containment. This means ring-fencing and protecting high-value applications and data by restricting access to only that which is critical and necessary.”
