UK Criminal Records Office Hit by Cyberattack

The UK's national law enforcement agency responsible for managing criminal record information, the Criminal Records Office (ACRO), has confirmed that a cyber security incident has been the cause of its online portal issues since March 21st.

After delaying issuing a comment on the matter, ACRO has now confirmed that they experienced a cyberattack from January 17th to March 21st. The organization is attempting to resolve the issue and has made efforts to ensure that most of its services are still available.

ACRO had initially announced on March 21st that its online applications were unavailable due to website maintenance. Its website has been down since, with a notice that it is unavailable due to technical issues.

The agency’s responsibilities include providing criminal records on request and sharing those records with foreign nations. As a result of the cyber incident, the organization has asked users to apply for police or international child protection certificates via email.

Although it’s not yet confirmed whether personal data was impacted, ACRO has said that the cyber event is largely affecting delays in the issuance of police certifications. However, according to Evening Standard, affected applicants have been informed that identification information and any criminal conviction data may have potentially been accessed.

ACRO has said that it is working with relevant authorities, including the National Cyber Security Centre, to investigate and rectify the situation. Despite the ongoing issues, it has confirmed that its services to policing and other agencies, and its criminal record exchanges with foreign countries, are still in operation.

It has also confirmed that it took robust action to take the application portal offline as soon as it was made aware of the incident to allow for a full investigation.