Companies: Data Protection

(asked on 11th September 2017) - View Source

Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, how many companies were notified of the data breach experienced by an accredited body for Cyber Essentials in June 2017 that resulted in its list of registered consultancies being stolen.


Answered by
Matt Hancock Portrait
Matt Hancock
This question was answered on 9th November 2017

A configuration error from a supplier led to data containing 801 email addresses, usernames, company name, and IP addresses from 800 companies, including assessors of and applicants to the scheme, being exposed. There is no information to suggest it was extracted. No personal data was released. The scheme's certification bodies and all 801 email addresses were notified by email and were provided directly with advice and guidance.

Cyber Essentials remains one of the best ways for organisations to test and show they have protected themselves against the most common cyber threats, including phishing and malware attacks. All firms which rely on the internet should aim to have a Cyber Essentials certificate to show they have met the minimum standards.

Reticulating Splines