Registered companies of the UK government’s Cyber Essentials Scheme were notified that their e-mail address information has potentially been exposed following a domain breach earlier today. Consultancies who bid on government contracts to handle sensitive and private information are mandated to acquire badges that are only validated by this particular scheme.
The immediate cause of concern for the affected companies is the threat of exponential increase in phishing attacks. The IASME Consortium, which operates the accreditation, has informed all enrolled parties of the risk and encourages them to take appropriate precautions.
Dr Emma Philpott, CEO of the IASME Consortium, issued a lengthy statement:
We would like to make you aware that, due to a configuration error in the Pervade Software platform we use for Cyber Essentials assessments, the email address you used to apply for an assessment and your company name may have been released to a third party.
We would like to make it clear that the security of the assessment platform has not been compromised. Your account, the answers you provided in the assessment and the report you received are secure. No information other than your email address and your company name was accessible to the third party.
Pervade Software, who provides the tech responsible for supporting the assessment platform in question, have yet to comment on the matter. However, they are believed to have resolved the configuration error which led to the security breach.