Department for Digital, Culture, Media and Sport written question – answered at on 17 November 2017.
To ask the Secretary of State for Digital, Culture, Media and Sport, pursuant to the Answer of 3 November 2017 to Question 109965, if she will place in the Library a copy of the letter sent to registered consultancies of the Government's Cyber Essentials scheme whose data was exposed owing to a configuration error in the Pervade Software platform.
I refer the Hon member to my answer to PQ 108123. The email was sent by IASME - not by the Government. IASME own the content of that communication. It was reported in the media that the email contained the following information:
"We would like to make you aware that, due to a configuration error in the Pervade Software platform we use for Cyber Essentials assessments, the email address you used to apply for an assessment and your company name may have been released to a third party..."
"We would like to make it clear that the security of the assessment platform has not been compromised. Your account, the answers you provided in the assessment and the report you received are secure. No information other than your email address and your company name was accessible to the third party."
"An unknown person accessed a list of email addresses in a log file generated by the Pervade assessment platform and your email address, company name and the IP address of the Certification Body was on that list. No other information was accessed. The other information on the assessment portal itself was not affected in any way and no-one has accessed the system, your account, the answers you provided or the report you received. This log file became accessible through a configuration error on the part of one of the Pervade systems engineers. Pervade have taken immediate steps to address the error and have resolved the issue."
Yes2 people think so
No0 people think not
Would you like to ask a question like this yourself? Use our Freedom of Information site.