The body that manages criminal records in the UK is still facing disruption nearly a month after a cyber-attack.
The Acro Criminal Records Office provides records to police, exchanges them internationally & processes certificates for people wishing to work with children or gain emigration visas.
It took its website & application portal offline, when the hack was detected, on March 21.
E-Mail Applications
Staff has been increased to deal with email applications, but delays persist.
“We are working with the relevant authorities, including the National Cyber Security Centre, to investigate & remediate the incident,” an official stated.
There was no “conclusive evidence” personal data had been compromised but investigations were “ongoing”.
‘Pretty frustrating’
On Twitter, customers said they were facing long delays, with many resorting to contacting the Acro Twitter account in the hope of securing their certificates.
John Gilday, in Scotland, told BBC News he had finally received his, so he could apply for a visa to work in Brazil, after 3 weeks of waiting – though his friend had received his much faster.
Rahim Abdel-illah, in Leicester, however, who asked that his surname be withheld, told BBC News he was still waiting for his certificate, so he could get married in Morocco, & had no idea how long it would take as it was now impossible to check the status of his application.
“It’s pretty frustrating & annoying that the police are taking so long to recover from a cyber-attack,” he explained.
Private Information
In Jan., a ransomware attack led to weeks of disruption & delays to services at Royal Mail.
Hackers thought to be based in Russia reportedly demanded nearly $70m (£56m) to return computer services to normal – but Royal Mail refused.
A suspected ransomware attack by a separate gang with links to Russian cyber-criminal networks hit another big company, Capita, on Mar. 31.
Capita holds many public-service contracts, including providing:
- the national telecommunications network for smart meters
- the gas certification scheme
Statement
A Capita official told BBC News: “We continue to work closely with specialist advisers & forensic experts in investigating the incident. We are in constant contact with all relevant regulators & authorities.
“Our investigations have not yet been able to confirm any evidence of customer, supplier or colleague data having been compromised. Once our investigations have concluded, we will if necessary inform any impacted parties.
“We have taken all appropriate steps to ensure the robustness of our systems & are confident in our ability to meet our service-delivery commitments.”
Remained in Operation
Capita outlined that most client services remained in operation but has not issued an update on its website since April 3.
Also a criminal gang is advertising private information thought to have been stolen in the hack.
The UK’s National Cyber Security Centre (NCSC) describes ransomware as a ‘tier-1 national-security threat’, with attacks continuing to increase in scale & complexity.
