APCS confirmed that customer information was exposed.
Access Personal Checking Services, a major UK provider of Disclosure and Barring Service checks, is notifying customers of a data breach linked to a third-party supplier.
According to The Register, the supplier has been named as Intradev. The incident, first detected on August 4th, involved "unauthorised malicious activity" on Intradev's systems. Managing director Steve Cheetham described it as a "significant IT incident."
APCS, which claims to serve over 19,000 organisations across sectors such as healthcare, finance, and child safeguarding, confirmed that customer information was exposed. Impacted data may include personal identifiers, passport details, driving licence numbers, and national insurance information, though financial records are not believed to be compromised.
Investigations are ongoing to establish the scope and attribution of the attack, with both APCS and Intradev pledging to manage the matter in compliance with regulatory obligations.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
