Serco, DHL among firms affected by Microlise cyber attack
Telematics firm Microlise has confirmed that attackers accessed employee data in a hack that saw tracking services for customers disrupted.
According to reports in the Financial Times, Serco – which handles the transport of prisoners for the Ministry of Justice – has seen vehicle tracking, panic alarms, navigation, and notifications related to estimated arrival times disabled.
Drivers have been forced to use paper maps and check in with prison bases every 30 minutes.
Other customers believed to be affected by the breach include delivery service DHL Supply Chain and local convenience store chain Nisa, which uses DHL’s services.
In a statement to the London Stock Exchange, Microlise said it was making ‘substantial progress’ in containing and clearing the threat from its network, and that it hoped to have services essentially back to normal by next week.
“Investigations into the incident are continuing, however, the Company is confident that no customer systems data has been compromised. The investigations to date have identified that some limited employee data has been impacted by the incident,” the company said.
“Those individuals that may have been impacted will be notified in line with the Company’s regulatory obligations and the relevant authorities are being made aware including the Information Commissioner’s Office in the UK.”
Microlise has appointed external cybersecurity specialists to help probe the incident, with the company adding it has appropriate cyber insurance and has been in touch with insurers.
Kevin Robertson, COO at Acumen Cyber, said the incident marks another “perfect example” of the disruptive impact of supply chain attacks and the real-world consequences.
“Criminals no longer need to target the top of the chain,” he said. “Today, they are often setting their sights on ubiquitous, but relatively unknown technology platforms, knowing when they render their services unavailable, chaos soon follows in the wake.”
“While not being able to track deliveries will have an operational impact on some organisations, not being able to track the whereabouts of prisoners could have a physical impact on society.”
Exact details on who conducted the attack or their motivations are yet to be confirmed. However, Elaine McKechnie, head of cybersecurity consultancy at i-confidential, suggested the incident bears all the hallmarks of a ransomware attack.
“What is also interesting is that it’s not Microlise themselves who centre in the spotlight of the news. DHL and Nisa are struggling to track deliveries, while, more worryingly, Serco, is unable to monitor the locations of prisoners and panic alarms on prison vans have been disabled,” she said.
“This is a timely reminder that the consequences of supply chain attacks can be just as devastating as those targeting an organization’s own infrastructure, so they must take steps to improve third party resilience as part of their cybersecurity strategies.”
Source link
