The UK’s national law enforcement organization, the Criminal Procedure of the UK (ACRO), has confirmed that its systems suffered a cyber attack that resulted in the offset of the site and delays in issuing certificates to the population. ACRO is responsible for managing information about criminal records, supplying data on request and transferring this information to foreign states.
On March 21, ACRO announced that online applications were no longer available due to “technical problems”, whilst the agency’s website could not be accessed due to the same issues, leading to significant delays in certificate issuance. During the period of inaccessibility, applicants were required to apply by email to receive necessary certifications.
Officially linking the failure to the site’s inaccessibility, the agency stated that it had taken decisive measures to disable the application portal when it first became aware of the intrusion. Additionally, it informed all impacted applicants via email. ACRO further disclosed that, to date, no evidence exists to suggest that any personal information was compromised, though according to reports in the Evening Standard, affected applicants claimed that “identification information and criminal record data” were affected.
Though the department still provides police services and other agencies as well as exchanging criminal record information with foreign countries, it is now working with relevant authorities, including the National Cybersecurity Center, to identify and eradicate this attack.