Top cybersecurity figures, such as ESET’s Global Security Advisor Jake Moore and Kevin Beaumont, Head of Security Operations Centre at Arcadia Group Ltd, believe that ACRO has suffered a ransomware attack.
The UK Criminal Records Office (ACRO) has experienced a cybersecurity incident that forced it to take down its customer portal, thereby disrupting several operations, including police certificate procurement processing, which is crucial to process visa applications.
ESET’s global security advisor, Jake Moore, suspects that the agency might have become a victim of a ransomware attack, adding that the attackers likely wanted to steal data. On the other hand, Kevin Beaumont, Head of the Security Operations Centre at Arcadia Group Ltd, also believes that the cyber attack on ACRO is a ransomware attack.
What is ACRO?
ACRO is the UK’s primary policing agency responsible for managing criminal records data and verifying those citizens who want to live or work abroad. The agency also exchanges these records with foreign governments for processing visa applications, as well as sharing information with British police and businesses.
The agency’s data input includes a decade’s worth of names, extended family details, and address histories. In addition, it includes new foreign addresses, passport information, legal representations, photos, data PIN cautions, convictions or charges, arrests, and reprimand-related information.
Furthermore, it checks individuals for cautions, prosecutions, and convictions, which is helpful to companies looking for employees and embassies processing visa applications. The information is extracted from the UK’s Police National Computer, as the agency has an agreement with the Cabinet Office.
ACRO Confirms Security Breach
ACRO was targeted by cybercriminals on January 17, 2023, and the compromise continued until March 21, 2023. The agency had been hinting at cybersecurity issues since January. On February 19th, it claimed a technical issue caused its website to go offline. Fifteen days later, ACRO stated that it couldn’t process police certificates properly.
On March 21st, the agency blamed essential website maintenance for the website outage and asked its customers to remain patient while it resolved technical issues.
During the two months, its website was impacted by the security breach, and user data was compromised. This week, ACRO sent an email to the affected people, stating that although there was no evidence of a data breach, the agency suspected some data, including identification and criminal conviction information, had been compromised.
Since its website is down, the agency has to process police certificate applications manually by email. ACRO stated that it is working with national agencies to probe the incident, revealing that as soon as it realized the security breach it took the customer portal offline.