‘Cyber attack’ on scientific testing firm puts court trials at risk

Huge cyber attack on British police’s biggest forensic testing firm could delay THOUSANDS of court cases

  • Luxembourg-based Eurofins Scientific was hit by ransomware attack this month 
  • The firm is used by police to carry out forensic tests for criminal investigations  
  • Following the attack, Eurofins said there may be ‘delays to some of its services’ 
  • It has laboratories in Middlesex, Cambridgeshire, Oxfordshire and Derbyshire

Court trials in England and Wales are at risk after a scientific testing firm used to carry out forensic tests for criminal investigations was hit by a ransomware attack.

Luxembourg-based Eurofins Scientific, which has laboratories in Cambridgeshire, Oxfordshire and Derbyshire, was hit by the attack over the weekend of June 1 to 2.

Its IT systems were disrupted and taken offline as a result and the company released a statement saying the attack had been ‘highly sophisticated and well-resourced.’

No data appeared to have been stolen in the breach, but Eurofins said customers could experience ‘potential temporary disruption or delays to some of its services’. 

This was highlighted on Thursday when a court in Kent was told the firm was still in a ‘cyber crime lockdown’, and that neither the prosecution or defence could have access to forensic material. 

Luxembourg-based Eurofins Scientific was hit by the attack over the weekend of June 1 to 2 (pictured, a technician searching for fingerprints on a knife at Eurofins)

Eurofins Scientific has offices in Cambridgeshire, Oxfordshire and Derbyshire. A court has been told it is still in ‘cyber crime lockdown’

Currently any forensic evidence held by Eurofins as part of its work in criminal investigations is not being released until security can be assured. The court in Kent was told this could last ‘a number of weeks’. 

At the court on Thursday, an application was being made to break the scheduled start date of an attempted murder trial at Maidstone Crown Court.  

Judge Philip Statman was told that the cyber crime lockdown was in force to ensure any forensic material remained secure until the problem was resolved.

Therefore, ‘nothing could be released’ by the firm to either prosecution or defence teams, and even its email service was at one stage unavailable, the court heard.

Judge Statman, whose attention was drawn to the cyber attack in a judicial email, highlighted the potential implications to trials in England and Wales over the coming weeks.

Judge Philip Statman (pictuired) was told that the cyber crime lockdown was in force to ensure any forensic material remained secure until the problem was resolved

He said: ‘It is clear from what I have been told that because of this cyber attack, both prosecution and defence are prejudiced to such an extent that this case simply cannot go ahead.

‘This evidence (held by Eurofins) is at the heart of the case for the prosecution and at the heart of the case for the defence, and I simply have to break the fixture.’

Referring to the situation as ‘an extraordinary state of affairs’, Judge Statman added: ‘This is but one of many cases the forensic science service is dealing with that is affected by the cyber attack, and then there is the pecking order as to what is dealt with first.’

Despite agreeing to break the trial fixture – originally scheduled for July 1 – the case will be relisted next week in the hope the issue has been resolved.

Eurofins has approximately 45,000 staff and carries out food, pharmaceutical and environmental tests in its worldwide laboratories.

On June 3 it released a press statement to say that it was carrying out work to install additional protections and restore the affected systems.

However, it indicated the upgrades could take ‘some time’ to implement.

In a later statement released on June 10, Eurofins said it believed the attack had been carried out by ‘highly sophisticated, well-resourced perpetrators’.

It added that an investigation had ‘so far’ not detected evidence ‘of any unauthorised theft or transfer of confidential client data’.

Source: Read Full Article