Criminal Records Office Hit By A "Cyber Incident”

The process of securing an overseas visa has been thrown into disarray after the UK Criminal Records Office (ACRO) was hit with a two-month cyber security “incident” resulting in a backlogs of visa applications waiting for criminal clearance after the cyber incident impacted services for two months.

ACRO is a policing service that provides certificates to Britons with details of their criminal records to attach to visa applications when applying to travel and work abroad.

ACRO has been struggling to recover from a cyber event since January 17. An email sent to customers impacted by the operational issue reportedly claimed that their data may have been exposed, although the nature of the incident has not yet been disclosed.

This could mean highly sensitive data including “identification information and any criminal conviction data” could be in the hands of criminal extortionists.

Tweets from ACRO since January hint at problems for the unit. On February 9 it blamed a ‘technical issue’ for a website outage, and a fortnight later claimed that police certificates were taking longer to process due to ‘heavy demand.’ By March 21, ACRO had returned to blaming ‘essential website maintenance’ for the website outage. A note on the official website asks customers for patience as it “works through our technical issues” and requests applicants send an email to the office.

The incident is understood to have caused significant backlogs in the processing of essential police certificates, without which applicants are unable to obtain work or residence visas for many foreign countries.

There is currently no evidence that personal data or payment information has been affected by the incident. ACRO is currently working with authorities to investigate the incident further. The organisation’s website is currently displaying a single page with essential customer information only, directing them to ACRO’s Twitter account for up-to-date guidance.

 ITPro:     Yahoo:      The Register:    The Record:      Standard:     Infosecurity Magazine:    DigitFY:

You Might Also Read: 

US Federal Court Court IT Systems Breached:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« Increasing Cyber Attacks On Critical Infrastructure
Japan’s Leading Companies Exposed To Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Security Affairs

Security Affairs

Security Affairs is a blog covering all aspects of cyber security.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Savanti Consulting

Savanti Consulting

Savanti provides practitioner-led cyber security services tailored to meet each organisation’s unique requirements.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

Amidas Hong Kong

Amidas Hong Kong

Amidas is your trusted companion on the road to Digital Transformation. We provide a full range of Information Technology Solutions and Professional Services to Enterprise customers.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.