A firm that provided security at Matt Hancock’s office, where leaked CCTV footage showed him kissing an aide, has also worked at the Porton Down defence research laboratory, RAF bases, and a military bunker that would house ministers in the event of a nuclear strike.
Labour called for an immediate audit of government contracts after documents reviewed by the Guardian showed that Emcor provided “facilities management” services at a range of highly sensitive sites, as well as the health department (DHSC).
Contracts show that the US-owned Emcor has earned up to £56m for its work at the DHSC since 2010, providing services including security at the department’s Victoria Street headquarters. Emcor, whose website states that its security division designs and installs “surveillance systems” such as CCTV, confirmed that it was part of the investigation into the leak from Hancock’s office.
Analysis of government disclosures reveals that Emcor has won similar contracts with departments including the Ministry of Defence, Public Health England, and schools and hospitals.
These include work at the defence research centre Porton Down, where it has repaired CCTV, and RAF bases that are home to fighter jets that would scramble to intercept imminent threats to the UK.
An eight-year deal with the MoD and the defence contractor BAE Systems, starting in 2018, involves “facilities management” – the same service provided to DHSC – at RAF Lossiemouth and RAF Coningsby.
The bases are home to Typhoon fighter jets that provide a 24-hour Quick Reaction Alert capability, responding to any threats entering UK airspace. BAE Systems said Emcor performed services such as maintenance and cleaning at the bases and was not responsible for security. It said all staff working on the site were made to sign non-disclosure agreements.
Between May 2018 and April this year, Emcor held a £2.9m contract to manage facilities for the Defence Electronics and Components Agency (DECA), which performs technological maintenance, repairs and upgrades for the MoD.
Another contract, worth up to £16m between March 2017 and August next year, was for facilities management at the MoD’s Defence Crisis Management Centre (DCMC).
The centre, nicknamed Pindar after the ancient Greek poet, is housed in a £126m three-storey bunker beneath the MoD. The secret bunker is where ministers and military commanders would be taken in the event of a nuclear attack on Britain and, in theory, the location from which the order for a strategic nuclear counterstrike would be given.
Emcor has also performed work at Porton Down, one of the UK’s most secretive military research facilities and the site where the novichok nerve agent used in the Salisbury poisonings was analysed in 2018. Its work at Porton Down included a £28,719 contract to perform “emergency CCTV works” between July and November 2016.
The company also earned £290,000 fixing fire alarms at Porton Down in 2019 and £331,810 in 2016 for upgrading an incinerator, which handles dangerous chemical weapons such as sarin nerve gas.
Further contract disclosures show that it has performed work on swipe-access doors at Public Health England and facilities management across a range of undisclosed government buildings.
Labour’s shadow armed forces minister, Stephen Morgan, said: “In a week where the MoD has suffered its third security breach in just six months, these revelations pose fresh questions about the government’s handling of our national security.
“These sites are critical to our national defence. Ministers must urgently investigate and audit any external contracts to see if they pose a national security risk.”
The former health secretary, Matt Hancock, resigned after the Sun published footage of him kissing an aide, Gina Coladangelo, in his office. The government has launched an investigation into the leak, while Hancock’s replacement, Sajid Javid, has said MPs’ offices should not have CCTV in them.
Emcor’s latest £22m contract with the DHSC, which began in December 2018, is understood to have included the installation of security cameras. The deal will take its earnings from the DHSC up to £56m since 2010, assuming the current contract is carried to term.
The terms of the contract include multiple provisions designed to ensure that sensitive government data does not fall into the wrong hands. The contract is covered by the Official Secrets Act, which provides for the protection of state secrets.
People working for Emcor were expressly prohibited from taking photographs of the buildings covered by the agreement, and the company was mandated to stop staff “taking, publishing or otherwise circulating” such pictures.
The agreement includes subcontractors, but a list of them is redacted in the contract. Emcor also had to supply the names of staff working at DHSC to a “service manager” at the department. Their name is also redacted.
An Emcor spokesperson confirmed that it provided security to the DHSC at 39 Victoria Street in London. “We are working closely with [the DHSC], a full investigation into the circumstances surrounding this incident is under way, and we are unable to comment further at this stage,” the spokesperson said.
A government spokesperson said: “The government takes the security of its personnel, systems and establishments very seriously and have robust measures in place, but we do not comment on specific security arrangements or procedures.”
Get worry-free complete website cleanup and protection
Our software continuously scans for malware using our accurate anti-malware database; your site continues to run stable after cleanup. Malware removal takes a moment, not hours. Compatible with PHP-based websites and popular frameworks like WordPress, Drupal, Joomla, DLE, etc.
Our website antivirus does more than just find and remove infected files on your website or put them in quarantine, It removes malicious code (redirections, trojans, backdoors, shell scripts, and other malicious code) from files like PHP, JS, HTML, images, and system files in seconds with high accuracy.