Thousands of court trials in England and Wales are at risk after a scientific testing firm used to carry out forensic tests for criminal investigations was hit by a huge cyber attack.
Luxembourg-based Eurofins Scientific, which has laboratories in Cambridgeshire, Oxfordshire and Derbyshire, was hit by the ransomware attack over the weekend of June 1 to 2.
Its IT systems were disrupted and taken offline as a result and the company released a statement saying the attack had been ‘highly sophisticated and well-resourced.’
The cyber attack could delay thousands of court cases in the UK.
A criminal probe has now been launched into the cyber-attack and the National Police Chiefs’ Council (NPCC) said all submissions to the firm have been temporarily suspended.
No data appeared to have been stolen in the breach, but Eurofins said customers could experience ‘potential temporary disruption or delays to some of its services’.
This was highlighted on Thursday when a court in Kent was told the firm was still in a ‘cyber crime lockdown’, and that neither the prosecution or defence could have access to forensic material.
Luxembourg-based Eurofins Scientific was hit by the attack over the weekend of June 1 to 2 (pictured, a technician searching for fingerprints on a knife at Eurofins)
The National Crime Agency (NCA) is leading a criminal probe into the attack.
NCA director of threat leadership Rob Jones said: ‘Specialist cyber-crime officers from the NCA are working with partners from the National Cyber Security Centre and the NPCC to mitigate the risks and assess the nature of this incident.
‘We are securing evidence and forensically analysing infected computers, but due to the quantity of data involved and the complexity of these kinds of inquiries, this is an investigation which will take time.’
Chief Constable James Vaughan, the NPCC’s lead for forensics, said: ‘As a result of the ransomware attack against Eurofins Scientific, we have temporarily suspended all law enforcement submissions to their forensic science subsidiary.
‘Our priority – alongside the Association of Police and Crime Commissioners – is to minimise the impact on the criminal justice system.
‘We have put our national contingency plans in place, which will see urgent submissions and priority work diverted to alternative suppliers to be dealt with as quickly as possible.
‘It is too early to fully quantify the impact but we are working at pace with partners to understand and mitigate the risks.’
Eurofins Scientific has offices in Cambridgeshire, Oxfordshire and Derbyshire. A court has been told it is still in ‘cyber crime lockdown’
Currently any forensic evidence held by Eurofins as part of its work in criminal investigations is not being released until security can be assured. The court in Kent was told this could last ‘a number of weeks’.
At the court on Thursday, an application was being made to break the scheduled start date of an attempted murder trial at Maidstone Crown Court.
Judge Philip Statman was told that the cyber crime lockdown was in force to ensure any forensic material remained secure until the problem was resolved.
Therefore, ‘nothing could be released’ by the firm to either prosecution or defence teams, and even its email service was at one stage unavailable, the court heard.
Judge Statman, whose attention was drawn to the cyber attack in a judicial email, highlighted the potential implications to trials in England and Wales over the coming weeks.
Judge Philip Statman (pictuired) was told that the cyber crime lockdown was in force to ensure any forensic material remained secure until the problem was resolved
He said: ‘It is clear from what I have been told that because of this cyber attack, both prosecution and defence are prejudiced to such an extent that this case simply cannot go ahead.
‘This evidence (held by Eurofins) is at the heart of the case for the prosecution and at the heart of the case for the defence, and I simply have to break the fixture.’
Referring to the situation as ‘an extraordinary state of affairs’, Judge Statman added: ‘This is but one of many cases the forensic science service is dealing with that is affected by the cyber attack, and then there is the pecking order as to what is dealt with first.’
Despite agreeing to break the trial fixture – originally scheduled for July 1 – the case will be relisted next week in the hope the issue has been resolved.
Eurofins has approximately 45,000 staff and carries out food, pharmaceutical and environmental tests in its worldwide laboratories.
On June 3 it released a press statement to say that it was carrying out work to install additional protections and restore the affected systems.
However, it indicated the upgrades could take ‘some time’ to implement.
In a later statement released on June 10, Eurofins said it believed the attack had been carried out by ‘highly sophisticated, well-resourced perpetrators’.
It added that an investigation had ‘so far’ not detected evidence ‘of any unauthorised theft or transfer of confidential client data’.