Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 9 May 2023 to Question 183317 on Capita: Cybercrime, what his Department's (a) policies on and (b) processes for informing (i) public sector employees and (ii) other individuals affected by a breach of Government data are.
Answered by Jeremy Quin
The Cabinet Office takes personal data breaches very seriously. As part of standard procedure, the Cabinet Office advises that all Cabinet Office employees must immediately report breaches to the Security Team and Data Protection Officer. Any breach that meets the legal tests set out in UK GDPR will be reported to the Information Commissioner or data subjects within the statutory deadlines.
It is our policy that data subjects will usually be notified of any incident pertaining to their personal data. Agreements with delivery partner(s) and 3rd party suppliers must stipulate the arrangements and obligations for ensuring that there is an established, effective and timely process to identify and report any actual or suspected losses of data/information by the ‘provider’.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 2 May to question 182778 on Refugees: Afghanistan, on what dates the Minister for Veterans' Affairs met other ministers on Afghan resettlement since 2 February 2023.
Answered by Johnny Mercer - Minister of State (Cabinet Office) (Minister for Veterans' Affairs)
It has been the standard practice of successive Administrations not to publish granular information relating to ministerial meetings. I remain committed to engaging with colleagues across government to support Afghans who have been resettled in the UK to access independent accommodation.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 9 May 2023 to Question 183317 on Capita: Cybercrime, whether any (a) civilian and (b) military personnel data was affected by the cyber attack.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation, are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, how many meetings the Minister for Veterans' Affairs has had with Ministers responsible for Afghan schemes since 2 February 2023.
Answered by Johnny Mercer - Minister of State (Cabinet Office) (Minister for Veterans' Affairs)
I refer my Rt Hon. Friend to the answer given to his question on 2nd May 2023 (182778).
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, whether any personal information of (a) civilian and (b) military personnel working at (i) fire and rescue services, (ii) the submarine training facility and (iii) other Capita defence sites were affected by the cyber attack against Capita on 31 March 2023.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 24 April to Question 181691, on Capita: Cybercrime, when he expects his Department's investigation into the Capita cyber attack to conclude.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, on what date the cyber attack against Capita on 31 March 2023 was reported to the Information Commissioner’s Office.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, with reference to the cyber attack against Capita on discovered on 31 March 2023, whether his Department has identified any personal information of defence personnel for sale online following that incident.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, with reference to the cyber attack against Capita on 31 March 2023, whether his Department believe Russian hackers were responsible for the incident.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, with reference to the cyber attack against Capita discovered on 31 March 2023, what personal data was accessed following this attack.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.