UK's forensic system hit by criminal cyber attack

Every police force across England and Wales has been forced to prioritise evidence for forensic testing following a criminal cyber attack affecting one of the primary forensic service providers to UK policing.
By Lucy Leeson
Published 22nd Jun 2019, 07:00 BST
A generic CSI picture.A generic CSI picture.
A generic CSI picture.

The National Police Chief's Council (NPCC) has temporarily suspended all law enforcement submissions to Eurofins Scientific, following a ransomware attack which has caused disruption to many of its IT systems in several countries.

The NPCC said it is working alongside partners in the Association of Police and Crime Commissioners (APCC) to safeguard UK policing and the criminal justice system from the impact of the attack.

It said it is too early to "fully quantify the impact".

Hide Ad
Hide Ad

The National Police Chiefs’ Council Lead for Forensics, Chief Constable James Vaughan, said: “As a result of the ransomware attack against Eurofins Scientific, we have temporarily suspended all law enforcement submissions to their forensic science subsidiary.

“Our priority - alongside the Association of Police and Crime Commissioners - is to minimise the impact on the criminal justice system.

“We have put our national contingency plans in place, which will see urgent submissions and priority work diverted to alternative suppliers to be dealt with as quickly as possible.

“It is too early to fully quantify the impact but we are working at pace with partners to understand and mitigate the risks. We will share more information as soon as we can.”

Hide Ad
Hide Ad

The NPCC said not all police forensics work has been affected and that forces have been able to continue all fingerprint analysis and crime scene investigation as normal.

The Regional Scientific Support Services, based in Wakefield, is where all forensic evidence from the four Yorkshire police forces is sent.

On an average day they deal with more than 100 crime scene investigations.

It is not known how many of their investigations have been affected by the cyber attack.

Hide Ad
Hide Ad

The Crown Prosecution Service said it is currently assessing cases to see if there has been any impact on criminal trials as a result of the attack.

A CPS spokesman said: "The CPS is assessing current cases to identify any impact on criminal trials as a result of this attack, and will ensure all necessary action is taken to allow them to proceed fairly.

“Police investigations continue, but at this stage there is no evidence to suggest that previous convictions are unsafe.”

The National Crime Agency is now leading the criminal investigation into the cyber attack.

Hide Ad
Hide Ad

The National Cyber Security Centre said it is also working to mitigate any harm caused.

In a statement, Eurofins said its priority remains to ensure that the systems used by its companies are free of the malware.

The company said: "Eurofins profoundly apologises to the customers of those of its laboratories and sites that have been impacted by the consequences of this sophisticated attack. In as much as possible the companies concerned have been in communication with affected customers and shared further information as needed and available.

"Substantial progress has been made to put our systems back on line and we continue to put all our efforts to get things back to normal as soon as possible."