Criminal Records Office Hit By A "Cyber Incident”

The process of securing an overseas visa has been thrown into disarray after the UK Criminal Records Office (ACRO) was hit with a two-month cyber security “incident” resulting in a backlogs of visa applications waiting for criminal clearance after the cyber incident impacted services for two months.

ACRO is a policing service that provides certificates to Britons with details of their criminal records to attach to visa applications when applying to travel and work abroad.

ACRO has been struggling to recover from a cyber event since January 17. An email sent to customers impacted by the operational issue reportedly claimed that their data may have been exposed, although the nature of the incident has not yet been disclosed.

This could mean highly sensitive data including “identification information and any criminal conviction data” could be in the hands of criminal extortionists.

Tweets from ACRO since January hint at problems for the unit. On February 9 it blamed a ‘technical issue’ for a website outage, and a fortnight later claimed that police certificates were taking longer to process due to ‘heavy demand.’ By March 21, ACRO had returned to blaming ‘essential website maintenance’ for the website outage. A note on the official website asks customers for patience as it “works through our technical issues” and requests applicants send an email to the office.

The incident is understood to have caused significant backlogs in the processing of essential police certificates, without which applicants are unable to obtain work or residence visas for many foreign countries.

There is currently no evidence that personal data or payment information has been affected by the incident. ACRO is currently working with authorities to investigate the incident further. The organisation’s website is currently displaying a single page with essential customer information only, directing them to ACRO’s Twitter account for up-to-date guidance.

 ITPro:     Yahoo:      The Register:    The Record:      Standard:     Infosecurity Magazine:    DigitFY:

You Might Also Read: 

US Federal Court Court IT Systems Breached:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« Increasing Cyber Attacks On Critical Infrastructure
Japan’s Leading Companies Exposed To Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

Datto

Datto

Datto delivers a single toolbox of easy to use products and services designed specifically for managed service providers and the businesses they serve.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

British Security Industry Association - CySPAG

British Security Industry Association - CySPAG

CySPAG is a special interest group within the British Security Industry Association (BSIA) focused on reducing the risk of product related cybercrime.

DNX Ventures

DNX Ventures

Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.

Veridium

Veridium

Veridium is a leader in single step - multi factor biometric authentication, designed to safeguard enterprises’ most critical assets.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.