Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, following the data breach of one of the accrediting bodies for Cyber Essentials in June 2017, what measures the Government has put in place to avoid this happening again.

This was not a breach of any Government data, but a configuration error in the Pervade Software platform used by an external third party, which led to system logs from companies, including assessors of and applicants to the Cyber Essentials scheme, being exposed. There is no evidence to suggest data was extracted. Cyber Essentials is an excellent scheme and an important part of our national response to cyber threats.

The National Cyber Security Centre has ensured the relevant third parties have taken appropriate action in response. The scheme’s Accreditation Bodies are required to take appropriate security measures through contractual obligations relating to the storage of data, including using the latest version of anti-virus software. Following the incident, an independent security audit was conducted on the Pervade software, which resulted in the implementation of a number of minor recommendations. The software is regularly penetration tested.