ACRO criminal records office data breach
ACRO, the UK’s criminal records office, was forced to pull its customer portal offline after a reported cyberattack. As of April 2023, it is still unclear exactly how many people have been affected or what data the cyber attackers have accessed. ACRO said as soon as they were made aware of the incident, they took robust action to take the customer portal offline, and they ensure the matter will be fully investigated.
If you have been affected by the ACRO data breach, you could be entitled to make a claim for compensation. Having your personal data stolen can be very distressing and lead to a range of issues for the individual, including financial losses, identity theft and fraud, and emotional stress. This is why those affected by data breaches are entitled to seek compensation to mitigate the impact.
ACRO sent an email to users early in April 2023 confirming that it had “recently been made aware of a cyber security incident affecting the website between 17 January 2023 and 21 March 2023.” At the time of writing (17 April 2023), the website is still offline stating:
“Our website is offline as we investigate a technical issue, which we now know to be a cyber security incident. Thank you for your continued patience.”
ACRO is a government agency that manages people’s criminal record information. This involves running checks when needed on individuals for any convictions, cautions or ongoing prosecutions, and this data is shared not only with the British police and businesses but with other countries.
The data is often used by employers vetting potential hires and embassies who are processing visa applications and comes from the UK’s Police National Computer via an information sharing agreement ACRO has with the Cabinet Office.
ACRO sent an email to the affected individuals, stating that although there was no evidence of a data breach, the agency suspected some data, including identification and criminal conviction information, had been compromised.
What data was taken in the ACRO data breach?
In an email ACRO sent to users, they confirmed that they had been made aware of a cyber security incident affecting the website between 17th January and 21 March 2023. In this email, it said, “At this time, we have no conclusive evidence that personal data has been affected by the cyber security incident.” They went on to say, “We are very sorry that because of your interaction with ACRO, your data could have been affected, and we are working tirelessly to resolve this matter.”
ACRO said there “does not appear to be any potential risk to your payment information” or to the information or certificates that were dispatched following the application.
They stated that the personal information that could have been affected is “any information supplied to us, including identification information and any criminal conviction data.” This information includes:
Names
Address history
Extended family information
Passport details
New foreign address details
Photo and data PIN cautions
Criminal records, including reprimands, arrests, charges, convictions and legal representation information.
This is all very personal, sensitive information, and in the hands of the wrong people could be damaging and cause significant distress.
The email also mentioned that if the person had a nominated endorser, professional or other third party on their application, their name, relationship to the application, occupation, phone numbers, email addresses and case reference number could also have been affected.
How do I claim?
Step 1
Get in contact by using one of our contact forms throughout the site.
Step 2
We will assess your case based on the information you provide.
Step 3
If you have a valid claim, we will accept your case on a No Win No Fee basis.
Step 4
Claim nowHNK Client Successful in £28,000 Sexual Misconduct and Misfeasance Case Against The Chief Constable of Sussex Police
Who has been affected by the ACRO data breach?
Those who received the email from ACRO were using ACRO’s service as a direct applicant, in support of an application as a nominated endorser, or as a professional administering the application for and with the applicant. It is not clear exactly how many people have been affected and what the implications of this are yet.
ACRO has urged users to make sure they use “strong and unique passwords” for their online accounts and has said to keep an eye out for any suspicious activity, such as phishing emails.
If you received this email from ACRO, it is likely you have been affected.
Can I claim compensation?
Under the UK’s data protection regulations, including the UK General Data Protection Regulation (GDPR), those who have been the victim of a data breach are entitled to seek compensation. This compensation is intended to help those who have suffered a negative impact from a data breach, including reputational damage and emotional distress, and can also help them recoup any financial losses.
Anyone looking to pursue a data breach claim should consult an expert data breach solicitor who can offer specialist advice and support. Here at HNK Solicitors, we have a team of specialist data breach solicitors who have a thorough understanding of the relevant legislation, which can be difficult to understand for those who are not experienced in it. We have years of experience helping clients seek compensation for data breaches. Read our case studies to find out more about some of the recent cases we’ve handled and successfully secured compensation for our clients.
If you are considering pursuing a claim against ACRO, we offer free consultations to discuss the details of your case. If we believe you are entitled to compensation, we can take on your claim on a no-win, no-fee basis. Get in touch with one of our expert data breach solicitors today. Simply fill in our online claim form at the bottom of this page, call us on 0151 668 0814, or send us an email at enquiries@hnksolicitors.com.
How we can help
HNK Solicitors has a team of specialist data breach solicitors who have years of experience working in the sector and fighting to seek compensation for those who have been the victim of a data breach. Our in-depth understanding of the relevant legal statutes and regulations ensures we can provide the best possible chance of you getting the compensation you deserve.
We offer free, no-obligation consultations to help you determine if you can pursue a claim. We also take on claims on a no-win, no-fee basis, so you don’t have to pay a penny upfront, and if your claim is unsuccessful, you don’t owe us anything.
If you would like to discuss a potential claim, get in touch with us today to find out more.
Free Consultation
No-Win-No-Fee
If we believe you have a case, we can pursue your claim for you on a no-win, no-fee agreement. This means it will not cost you a penny to start your claim, and you won’t have to pay if it is not successful.
Client Communication
If we accept your case against ACRO, our dedicated team of Data Protection Solicitors will handle everything for you and keep you up to date throughout the whole process.