UK police suspend work with Eurofins amid cyberattack

UK police have suspended work with Eurofins after the scientific testing company experienced a data breach in early June.

The UK police force has halted all work with the country’s largest forensics provider after a ransomware attack.

Eurofins, which provides a broad range of scientific testing services to companies and governments all around the world, carries out DNA analysis, toxicology, ballistics and forensic works. It is thought to cover more than 50pc of the UK police force’s outsourced casework, which National Police Chiefs’ Council lead for forensics, James Vaughan, said has been diverted to alternative suppliers.

“It is too early to fully quantify the impact, but we are working at pace with partners to understand and mitigate the risks,” he said, speaking to The Guardian.

The company detected a breach on the weekend beginning 1 June 2019, according to Computer Business Review. The attack involved a new malware variant that was initially undetectable by the anti-malware screen of Eurofins’ IT security services provider. It disrupted some IT systems, forcing the company to take a variety of other systems offline in order to minimise the damage. The firm has not confirmed which specific ransomware it was affected by.

Eurofins said: “The facts pattern of this attack as well as information from law enforcement and independent cybersecurity experts lead us to believe that this attack has been carried out by highly sophisticated well-resourced perpetrators.” It also notes that the financial damage incurred “may be material”.

As of 17 June, the vast majority of affected laboratories had restored systems and were fully operational. The company has since said that its investigators found “no evidence of any unauthorised theft or transfer of confidential client data”.

Ransomware is a form of malware in computer programming that infiltrates an IT system and threatens to either publish data or block access to data by encrypting files. One of the most famous recent instances of a ransomware attack being levelled against a government organisation was the 2017 WannaCry attack, which targeted the UK’s NHS. The attack affected 16 hospitals and led to 19,000 appointments being cancelled.