Sign in / up

back to article Criminal background checker APCS faces data breach

A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company. Access Personal Checking Services (APCS) has written to customers to notify them that their data has been compromised, according to emails seen by The Register, and it confirmed to us that …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. mark l 2 Silver badge

    If companies that are handing criminal background checks and are certified by UK National Cyber Security Centre's (NCSC's) Cyber Essentials program can get hacked and data stolen, then these fly by night companies the UK government want you to hand over your personal info to to verify your age online are without doubt going to eventually get pawned and their data stolen sooner rather than later.

    .

    16 0 Reply
    1. cs_280
      Reply Icon

      100%. The terrible UK id law just makes these companies a massive target they will eventually get breached and what a motherload of data. ..

      1 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Why? Surely the mom-and-pop fly-by-night identity check companies are only running a trio of APIs. One to their customer, one to APCS, and one to their payments provider, you could do this with two ISP connections, three meduim sized servers, and any virtualisation technology.

    0 1 Reply
  3. Anonymous Coward
    Anonymous Coward

    The UK government oversees the Disclosure and Barring Service

    Is that the same UK government that thinks the OSA is a good idea?

    Because it seems there's potentially a lot of identifying data available now. Is it on the dark web yet? (Asking for a friend...)

    11 0 Reply
  4. Missing Semicolon Silver badge
    Mushroom

    Usual rubbish in statement.

    "basic personal information, as well as passport, driving license, and national insurance details". That *is* financial information, you shysters! A crim can get a loan, social-engineer your bank account, change the ownership of your house at the Land Registry with that information.

    6 0 Reply
  5. Anonymous Coward
    Anonymous Coward

    It gets worse...

    Friend of mine is hit with this, apparently the list of data taken includes: -

    Passport

    Driving Licence

    Date Of Birth

    Name

    Address

    Phone Number

    Birth Town

    NI Number

    Loads of really useful info for hackers to get.

    They (my friend) had their DBS check performed / approved late last year (November). APCS's commitment is that this data is deleted after 6 months so the fact that this data was not deleted before the hack in late July is scandalous. Either the hack happened a lot earlier or APCS failed to follow their own proceedures.

    What's the betting that APCS did something REALLY dumb and handed over a non sanitised data set to Intradev to work with earlier in the year...

    1 0 Reply
  6. yorkshireman54

    APCS Brands in use

    APCS Appears to be a major supplier to the Church of England and Schools across England

    This is a list of Brands from the affected company

    Access Personal Checking Services Ltd.

    https://www.criminalrecordchecks.co.uk

    https://www.onlinebasicdisclosure.co.uk

    https://www.onlinecrbcheck.co.uk

    https://overseaschecks.co.uk

    https://onlinedbscheck.co.uk

    https://www.enhanceddbschecks.co.uk

    https://www.accesspcs.co.uk

    Disclosure and Barring Service Registered Body Number 22708200000

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like