U.S. Markets closed

Court cases delayed after police forensics firm hit by cyberattack

Lizzie Dearden

Court cases and criminal investigations are being delayed because of a cyberattack on a firm that carries out forensic testing for British police forces.

Eurofins Forensic Services has seven laboratories in England, which examine blood and DNA from suspects and crucial evidence from crime scenes.

Parent company Eurofins Scientific was hit by a “sophisticated” ransomware virus in June, disrupting its operations in several countries.

The National Police Chiefs’ Council (NPCC) stopped police forces in England and Wales submitting samples to the firm to safeguard data and evidence.

The contingency caused a backlog of about 20,000 samples, which has been reduced to 15,000 in recent weeks.

On Friday, the NPCC announced that Eurofins had been allowed to resume forensic work for British forces.

Assistant Chief Constable Paul Gibson, the police body’s national lead for the forensic marketplace, said: We will continue to monitor and assess the impact on the marketplace, but the backlogs held by forces will be cleared over the weeks to come as we start to gradually restore capacity.

“This will regrettably mean some delays to both investigations and court cases, but I want to assure the public we will continue to work diligently to mitigate the impact upon the criminal justice system and try to ensure that samples can be processed as quickly as the system allows.”

Mr Gibson said restrictions had been imposed to protect the integrity of the British criminal justice system.

“We had to take stringent steps to ensure that police data had, firstly, not been manipulated or changed and, secondly, was suitably protected for the future,” he added.

“There is still significant work to do, but we have approved Eurofins’ return to the marketplace and have removed the restrictions placed on forces over the last few weeks.”

The National Crime Agency is investigating the cyberattack, with the support of the National Cyber Security Centre.

The BBC previously reported that Eurofins had paid a ransom to regain access to its systems, but the company said it could not comment.

A statement issued by Eurofins in June described the cyberattack as “sophisticated” and said staff had attempted to contain it and mitigate the impact.

“We are continuing to work intensively with leading cybersecurity experts to further secure our current systems and infrastructure and to add enhanced security features and measures to protect our systems and data,” a spokesperson added.

“Eurofins profoundly apologises to the customers of those of its laboratories and sites that have been impacted by the consequences of this sophisticated attack.”

The attack came almost exactly two years after the WannaCry ransomware outbreak infected up to 70,000 NHS devices, causing chaos in hospitals and forcing ambulances to be diverted.

The attack, which was followed by other major international ransomware incidents, sparked renewed warnings over the potential impact of cyberattacks on critical national infrastructure.

In March, the Police Federation which represents rank-and-file officers was hit by two cyberattacks that forced it to cancel its annual conference.