answer text |
<p>I refer the Hon member to my answer to PQ 108123. The email was sent by IASME -
not by the Government. IASME own the content of that communication. It was reported
in the media that the email contained the following information:</p><p> </p><p>"We
would like to make you aware that, due to a configuration error in the Pervade Software
platform we use for Cyber Essentials assessments, the email address you used to apply
for an assessment and your company name may have been released to a third party..."</p><p>
</p><p>"We would like to make it clear that the security of the assessment platform
has not been compromised. Your account, the answers you provided in the assessment
and the report you received are secure. No information other than your email address
and your company name was accessible to the third party."</p><p> </p><p>"An
unknown person accessed a list of email addresses in a log file generated by the Pervade
assessment platform and your email address, company name and the IP address of the
Certification Body was on that list. No other information was accessed. The other
information on the assessment portal itself was not affected in any way and no-one
has accessed the system, your account, the answers you provided or the report you
received. This log file became accessible through a configuration error on the part
of one of the Pervade systems engineers. Pervade have taken immediate steps to address
the error and have resolved the issue."</p>
|
|