top of page


  • Philip Osadebay - Tech Journalist

The UK criminal records office experienced a two-month cyber security issue

ACRO, the UK’s national office for managing criminal record information, has been hit by a cyber security incident that lasted for two months from January 17 to March 21, 2023. While ACRO has yet to reveal many details about the incident, there is currently no evidence that personal data or payment information has been affected, according to a statement made by the organisation.

The incident is said to have forced ACRO to take its website offline on March 21. However, the organisation has still not publicly alerted customers of a cyber security incident via official channels.

ACRO’s customer service Twitter account alerted customers of the outage on the same day. The account mentioned that the outage was due to “essential website maintenance” and that online applications were unavailable.

Despite the incident, ACRO has not yet confirmed whether the incident was related to ransomware, though some members of the cyber security industry have suggested this possibility.

In a statement, ACRO confirmed that it was aware of the cyber security incident and is working with national agencies to investigate further. The organisation added that it takes data security very seriously and as soon as it became aware of the incident, it took the customer portal offline. At present, there is no conclusive evidence that personal data has been affected by the incident.

ACRO is still working with authorities to investigate the incident further. Currently, the organisation’s website only displays essential customer information, and customers are directed to ACRO’s Twitter account for up-to-date guidance. According to its customer service Twitter account, ACRO was initially forced to accept applications for police certificates by post only.

The incident comes amid a series of cyber attacks on UK companies and institutions. Rubrik recently confirmed a data breach but evaded Cl0p ransomware allegations, while Lazarus has been blamed for a 3CX attack as byte-to-byte code match discovered. In addition, Western Digital suffered a cyber attack, resulting in the shutdown of its systems. These incidents underscore the urgent need for increased cyber security measures to protect companies and institutions from malicious cyber attacks.


bottom of page