APCS criminal background check provider suffers data breach through third-party attack
Learn More
Access Personal Checking Services (APCS), a UK providers of criminal record background checks, has experienced a significant data breach caused by a cyberattack against its third-party software development partner.
APCS processes criminal background screenings for employers across various sectors, including roles involving work with children or vulnerable individuals, healthcare organizations, and financial services institutions. APCS claims it works with more than 19,000 organizations.
The cyberattack was discovered on August 4, 2025, when Hull-based Intradev, a software development company, detected unauthorized malicious activity within its systems. The company's managing director, Steve Cheetham, confirmed the attack and stated that initial containment measures were implemented immediately after the discovery of the breach. Cheetham neither confirmed nor denied that the attack included ransomware.
Exposed data includes:
- Basic personal information
- Passport details
- Driving license information
- National insurance numbers
The number of affected individuals is not disclosed.
APCS has written to customers to notify them of the data breach, but it did not provide a statement.
Intradev's managing director added, "We have reported the incident to the relevant authorities, including the Information Commissioner's Office (ICO) and Action Fraud, and continue to liaise with them as appropriate. We remain committed to fulfilling our legal and regulatory obligations and handling this matter with diligence and care."
