APCS Data Breach – Frequently Asked Questions 

What has happened?  

Intradev, an external software supplier APCS use, was subject to a cyber-incident. The perpetrators were able to gain access to a particular part of their system and copied data that they found there.  

EKC Group systems were not breached. Our own network and servers were not compromised. 

All those affected have been sent an email confirming their data was involved in the breach.  

When did this happen?  

• The unauthorised data access occurred on 31/07/2025. 

• Intradev informed APCS on 17/08/2025. 

• APCS began to issue notifications to affected client organisations on 20/08/2025. 

• A partner school informed the Group they had been notified by APCS that they were affected on 21/08/2025. The Group were not notified by APCS that they were affected. Nevertheless, EKC Group immediately began investigations and enquiries into the extent of the breach with APCS to ascertain whether this also affected the Group.  

• As a result of these investigations, it was established on the same day (21/08/2025) that it was likely to affect some individuals in the Group. The Group requested a list of those affected from APCS immediately (on 21/08/2025).  

• APCS provided the names of those affected to EKC Group during the afternoon of Friday 22/08/2025. During the bank holiday weekend our team reviewed each name against our databases in order to obtain relevant contact details. 

• Communications were then sent to affected individuals over the following two working days (Tuesday 26/08/2025 and Wednesday 27/08/2025) 

Have other organisations been affected outside of EKC Group?  

Yes. Many schools, churches and other organisations across the country have also been affected. The Group is one of APCS’ 19,000 customers.  

Has the Information Commissioners Office (ICO) been told? 

Yes. APCS have told us they have notified the ICO. The Group also notified the ICO on Friday 22/08/2025.  

What data is affected: 

Any of the below categories of data input to obtain a DBS check have been breached.   

• name 

• date of birth 

• address  

• phone number 

• place of birth 

• national insurance number 

• passport number 

• driving licence number 

The data is in text format only and does not include: Payment or bank card details, details of any criminal convictions / cautions etc. which would have been on your DBS certificate, or photographs or scanned documents.  

Some individuals did not provide their national insurance number, passport number or driving licence number to obtain their DBS check.  If this is the case those data have not been affected.  If you would like to know exactly which categories were involved for you personally, please feel free to contact 01843 605002 or email enquiries@ekcgroup.ac.uk. 

What support are you offering affected individuals? 

We have provided those affected with information about keeping safe online.  

Whilst the incident involved access to a third party’s system only, and not any access to our own systems, we nevertheless want to make sure that individuals are supported.  With that in mind, we are in the process of purchasing a package with Experian so those affected can, if they choose, sign up to an Identity Plus Account for a 12-month period, giving enhanced protection, fraud support and peace of mind.  

Summary of Experian ‘Identity Plus’ features 

• Unlimited access to your Experian Fraud Report. 

• Credit alerts (email/SMS) for changes on your credit report. 

• CreditLock feature to lock your credit report when not applying for credit. 

• Web monitoring for personal information found on the dark web. 

• Support from Experian’s Victims of Fraud service if you become a victim. 

• Optional Protective CIFAS registration (formerly known as the Credit Industry Fraud Avoidance System) 

If you would like to receive this service, please contact 01843 605002 or enquiries@ekcgroup.ac.uk.  

What if I signed up to CIFAS as advised by my bank before you offered Experian credit checking? 

If you signed up for CIFAS because your bank advised you to do so, before we offered the credit checking services outlined above, then we are prepared on an individual basis to cover the cost.  Please contact 01843 605002 or enquiries@ekcgroup.ac.uk. Proof of purchase will be required. 

How can I remain vigilant? 

Stay alert to unexpected emails, calls, text messages or letters that mention personal details about you.  

Never give personal information to unsolicited callers, even if they seem to know details about you.  

Verify any unexpected contact by calling the organisation directly using their official number.  

9. Is there any other information I can read to find out more? 

Please see below links about how to protect yourself in the case of a data breach 

• Data breaches – protecting yourself from the impact of data breaches   

• Top tips for staying secure online   

• Reporting fraud and cyber crime | Action Fraud  

• Protect yourself from fraud and cyber crime | Action Fraud 

10. Can I speak to someone for further advice? 

Please call 01843 605002 or enquiries@ekcgroup.ac.uk and we can arrange for our team to give you a call to answer any further questions you may have.  

We are a group of six community-based colleges

Our mission is to play a leading role for East Kent in developing the economic and social prosperity of the diverse communities we serve.