The third-party mailbox used by Computacenter employees and contractors to deposit data for security clearance applications has been hacked and used in phishing scams. We have established that a mailbox provided by a third party as part of the vetting service it provides to Computacenter UK Ltd has been the target of a cyber security attack. The mailbox was used to collate data from individuals when information relating to their security clearance applications was deemed to be missing or incorrect. The "attacker" gained entry and changed the password for the mailbox, which system audit logs showed prevented further access by Computacenter. On being made aware of the attack, Computacenter said it initiated the Group Information Assurance compliance methodology, establishing that other systems connected to the security vetting process were unaffected and "secure workaround processes for security clearance have been implemented". One source who sent data to the affected mailbox told us it was used for vetting Computacenter workers for all sorts of sites and customers.