Government Cyber Essentials scheme hit by data breach

June 28 12:38 2017 Print This Article

The UK Government has been left with egg on its face after its much-hyped Cyber Essentials scheme, set up to help organisations to adopt good practice in information security, has suffered its own data breach.

Although the breach, which has exposed the email addresses of many of the scheme’s registered consultancies, is not one of the most serious, it is highly embarrassing for the Government which has vowed to make the UK “the safest place to do business online”.

The breach has triggered warnings that the companies which have been exposed could be targeted by so-called phishing attacks.

The issue has been blamed on a third-party system, provided by Pervade Software, which suffered a configuration error, allowing hackers to access an email log file. They then gained access to details including email addresses, company names and the IP address of the Certification Body used by the organisation.

In a notice to affected firms, Cyber Essentials said: “We would like to make you aware that, due to a configuration error in the Pervade Software platform we use for Cyber Essentials assessments, the email address you used to apply for an assessment and your company name may have been released to a third party.

“We would like to make it clear that the security of the assessment platform has not been compromised. Your account, the answers you provided in the assessment and the report you received are secure. No information other than your email address and your company name was accessible to the third party.”

Pervade claims it has now fixed the issue.

This article and any associated images were originally published here:

  Article "tagged" as:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment


No Comments Yet!

You can be the one to start a conversation.

Add a Comment