An outsourcing service provider responsible for the transfer of British prisoners between prisons, courts and other facilities, has been impacted after a cyberattack on a third party solutions provider.

In an updated statement to the London Stock Exchange on Wednesday, Microlise Group Plc – a provider of SaaS-based transport tech solutions to fleet operators – confirmed that hackers may have accessed employee data but said it is “confident that no customer systems data has been compromised.”

Microlise had first alerted the world of a cyber security incident on Thursday 31 October 2024, but now said it is “pleased to say that it is making substantial progress in containing and clearing the threat from its network.”

Microlise cyberattack

“The Company has been bringing services back online and currently expects this to continue over the coming days with the services essentially back to normal by the end of next week,” the firm told the stock exchange.

“Investigations into the incident are continuing, however, the Company is confident that no customer systems data has been compromised,” it added.

But it admitted that some employee data has been compromised.

“The investigations to date have identified that some limited employee data has been impacted by the incident,” said the firm. “Those individuals that may have been impacted will be notified in line with the Company’s regulatory obligations and the relevant authorities are being made aware including the Information Commissioner’s Office in the UK.”

Microlise said that as matters currently stand, it remains of the view that this incident will not have a material adverse impact on its forecasts or financial position.

But the knock on effects has had an impact beyond Microlise itself.

Serco impacted

Among its customers is outsourcing service provider Serco – that operates prisoner escort services for the UK’s Ministry of Justice.

According to the Financial Times newspaper, Serco staff were informed on Monday that “vehicle tracking, panic alarms, navigation and notifications related to estimated arrival times” were disabled due to the Microlise incident.

Despite this, officials reportedly regard the incident as having no operational impact on the British prisoner escort service.

There is also no indication at the time of writing that the hackers had specifically targetted Microlise in order to hamper or interfere with Serco prisoner transportation services, but the incident does highlight the risks posed by cyberattacks on a third party supplier.

Another example of this was in September 2023, when British high-security fencing supplier, Zaun confirmed it had suffered a “sophisticated cyberattack,” that compromised data belonging to the UK’s Ministry of Defence (MoD).

No excuse for not securing

Jake Moore, global cybersecurity advisor at ESET noted that incidents on sensitive operations like prison transport serves a reminder that outsourcing should not relieve businesses of the responsibility of securing their operations. Companies should implement better due diligence and contingency plans, including offline and manual safeguards.

“This incident once again highlights the critical importance of robust cyber resilience, but particularly for organisations managing sensitive operations such as prisoner transport,” said Moore.

Jake Moore, ESET

“Relying on third party providers for essential services such as tracking and alarms is commonplace, but this attack serves up another reminder that outsourcing does not and should not relieve organisations of responsibility for securing their operations,” said Moore. “Companies need to continue to implement better due diligence and conduct regular security assessments of their supply chain to safeguard against such vulnerabilities.”

“Contingency plans, including offline and manual safeguards, should also be prioritised to maintain security and safety in the event of a cyberattack,” Moore concluded.

Rapid cyberattack remediation

Meanwhile James Neilson, SVP International at OPSWAT, noted how a rapid cyberattack remediation can help minimise the impact on critical services.

“Reports that Microlise’s vehicle tracking services, used by Serco, DHL, and others, were disabled further illustrate the impact of last week’s cyberattack,” said Neilson. “This highlights the need for organisations to enforce robust supplier security policies and validate the security posture of critical service providers to manage cyber risk.”

“As a trusted technology provider, Microlise’s role in asset tracking made it an appealing target for attackers,” said Neilson. “Cybercriminals increasingly understand that disrupting a single supplier can have far-reaching effects across multiple clients.”

“In an era of frequent, high-impact cyberattacks, only a co-ordinated approach that identifies risks and enforces controls across the digital supply chain – supported by strong cyber hygiene and resilient security measures – can prevent service disruptions and data breaches,” said Neilson.

“Quick cyberattack remediation can be the difference between significant impact on critical services or none at all,” Neilson concluded. “Here, delays meant that disabled tracking devices and panic alarms went undetected until a week after the attack.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Microsoft Faces £1 Billion Lawsuit For Alleged Overcharging

Lawsuit filed in London against Microsoft alleges customers using rival cloud services, have to pay…

40 mins ago

Elon Musk $56 Billion Pay Deal Rejected, Again

Judge in Delaware for the second time rules against the record-breaking $56 billion pay package…

2 hours ago

China Bans Exports Of Gallium, Germanium, Antimony

Beijing bans exports to US of key materials after Biden administration imposes more restrictions on…

4 hours ago

US Announces New Export Controls On China’s Chip Sector

New round of US semiconductor export restrictions designed to hamper Beijing's capacity to produce high-end…

6 hours ago

Germany Shoulders €600 Million Of Northvolt Debt

Lender KfW is to be reimbursed by the German government more than €600 million ($629…

7 hours ago

Elon Musk Seeks To Block OpenAI’s For-Profit Bid

OpenAI's bid to convert to a 'for-profit' organisation is opposed by Elon Musk and co…

20 hours ago