Criminal Records Office Hit By A "Cyber Incident”

The process of securing an overseas visa has been thrown into disarray after the UK Criminal Records Office (ACRO) was hit with a two-month cyber security “incident” resulting in a backlogs of visa applications waiting for criminal clearance after the cyber incident impacted services for two months.

ACRO is a policing service that provides certificates to Britons with details of their criminal records to attach to visa applications when applying to travel and work abroad.

ACRO has been struggling to recover from a cyber event since January 17. An email sent to customers impacted by the operational issue reportedly claimed that their data may have been exposed, although the nature of the incident has not yet been disclosed.

This could mean highly sensitive data including “identification information and any criminal conviction data” could be in the hands of criminal extortionists.

Tweets from ACRO since January hint at problems for the unit. On February 9 it blamed a ‘technical issue’ for a website outage, and a fortnight later claimed that police certificates were taking longer to process due to ‘heavy demand.’ By March 21, ACRO had returned to blaming ‘essential website maintenance’ for the website outage. A note on the official website asks customers for patience as it “works through our technical issues” and requests applicants send an email to the office.

The incident is understood to have caused significant backlogs in the processing of essential police certificates, without which applicants are unable to obtain work or residence visas for many foreign countries.

There is currently no evidence that personal data or payment information has been affected by the incident. ACRO is currently working with authorities to investigate the incident further. The organisation’s website is currently displaying a single page with essential customer information only, directing them to ACRO’s Twitter account for up-to-date guidance.

 ITPro:     Yahoo:      The Register:    The Record:      Standard:     Infosecurity Magazine:    DigitFY:

You Might Also Read: 

US Federal Court Court IT Systems Breached:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« Increasing Cyber Attacks On Critical Infrastructure
Japan’s Leading Companies Exposed To Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Alert Logic

Alert Logic

Alert Logic has more than a decade of experience pioneering and refining cloud solutions that are secure, flexible and designed to work with hosting and cloud service providers.

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

SentryBay

SentryBay

SentryBay is a real-time data security company developing technology for PC, mobile, the cloud and IoT.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

N-able

N-able

N-Able deliver simple and sophisticated monitoring, security, and business solutions that empower you to solve your toughest IT challenges.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.