Data breach at DBS Contractor impacts some Guernsey residents

A data breach at a contractor for the Disclosure and Barring Service (DBS) has exposed personal information belonging to some Guernsey residents, officials confirmed this week.

 

UK-based Access Personal Checking Services Ltd (APCS), which processes DBS checks, said its third-party IT provider, Intradev, suffered a cyber incident detected on 4 August.

 

 The breach may have compromised details such as names, contact information, dates and places of birth, and passport or driving licence numbers.

 

 APCS emphasised that no payment card data or criminal conviction records were involved, and its internal systems remain secure.

 

The Office of the Data Protection Authority (ODPA) said it had been contacted by a number of affected Bailiwick residents but that the overall impact “may be limited.” It is working closely with APCS while the investigation continues.

 

Residents are being urged to stay alert for unusual credit activity, change passwords, and enable two-factor authentication where possible.

 

Similar breach notices have been issued in the UK, with organisations including the Diocese of Southwark and Take Back Your Mind UK confirming that personal records submitted via APCS may have been affected.

 

Under Guernsey’s Data Protection Law, organisations must report such breaches to the ODPA within 72 hours and notify individuals if the risks are significant.

 

APCS has pledged transparency and said it will continue to provide updates as more information becomes available.