On 28 August 2025, the BBC reported a serious DBS data breach involving Access Personal Checking Services (APCS). The breach exposed highly sensitive personal data submitted as part of criminal record checks – including passports, driving licences, and utility bills – across a wide range of industries.
To be absolutely clear – this breach did not involve Employment Tools or Aaron’s Department in any way. We are completely separate from APCS, its associated brands, and the third party who makes their software. Our DBS software is made completely in-house – partly to help prevent major issues like this occurring.
If your organisation or candidates were affected, we are truly sorry. No one should have to deal with the consequences of a data breach, especially when there’s absolutely nothing you could have done about it. It’s a reminder that your DBS provider’s systems are just as important as the service they offer.
The Scale of the DBS Data Breach
The BBC confirmed that:
- Thousands of people who applied for DBS checks through APCS were affected.
- Exposed data included identity documents such as passports, driving licences, and other personal information.
- The breach has been reported to the Information Commissioner’s Office (ICO).
- APCS paused all online DBS applications while investigating the incident.
You can read the full BBC article here.
The Bigger Picture: More Than One Brand
It’s important to understand that APCS doesn’t operate under a single name/brand. They run multiple websites and trading names to offer their DBS services. If your organisation uses a DBS service, we strongly recommend double-checking who they are, and whether they’re associated with APCS.
Why This Happened: Third-Party Vulnerabilities
From what we know, APCS’s system was not built in-house. It appears their DBS platform was outsourced to an external development company, Intradev, rather than building and maintaining their own in-house system. By doing so, they limited the control they had over the security, integrity, and ongoing protection of the data being handled – and unfortunately, that risk has now become a reality.
Intradev’s Managing Director, Steve Cheetham, confirmed:
“This incident involved unauthorised malicious activity with our systems and is being treated as a significant IT incident,”
“Initial containment measures were implemented immediately. We are currently conducting a detailed investigation into the incident, including a review of the affected files and systems.”
“At this stage, we are working to understand the nature and scope of the data involved.”
So far according to TheRegister, Access Personal Checking Services are refusing to comment or provide further information or reassurance about the breach, and how many people are affected: https://www.theregister.com/2025/08/22/apcs_breach/
In today’s compliance-heavy environment, trusting your DBS provider means trusting their software.
So if you’re unsure who built your current DBS platform, or how well it’s secured, now is the time to ask.
How We Keep Your Data Safe at Employment Tools
Now it is only appropriate that we explain how we operate at Employment Tools by Aaron’s Department. We take a very different approach to help keep your data secure.
Our entire DBS check platform is:
- Built and maintained 100% in-house
- Hosted securely in the UK
- Regularly penetration-tested and externally audited
- GDPR-compliant and ICO-registered
Because we built the platform ourselves, we don’t rely on third parties to fix problems or secure your data – we handle it all internally, with direct control.
What This Means for Employers
If you currently use a DBS provider that relies on third-party platforms, now is a good time to ask the hard questions:
- Do you own your system, or is it built by someone else?
- Where is applicant data stored?
- Is your software regularly penetration-tested?
- Can you guarantee GDPR compliance at every level?
If they hesitate to answer, it might be time to look for a safer option.
We’re Here to Help – However You Need Us
If your organisation is currently using APCS/one of their associated brands, or if you’re simply looking to switch to a safer, more transparent DBS provider, we’re here to help.
Whether you want advice, a quick chat, or a full demo of our system, we’re happy to talk things through – by phone, email, or video call. Just get in touch, and we’ll make sure you’ve got the information and support you need to move forward with confidence.