UK prisoner e-tracking devices offline after Microlise cyberattack


A fleet of UK prison vans – and its unsuspecting drivers – are left vulnerable for days after prisoners’ electronic tracking devices and the vehicles’ panic alarm buttons are knocked offline during a major supply chain cyberattack.

Microlise, a UK-based fleet management technology provider, was hit by a cyberattack last week resulting in a trickle-down effect on the companies which run services using the firm’s tech platform.

Parcel shipping service DHL UK and Nisa local convenience store chains have both been impacted by the third-party attack – but the largest impact has been on the UK prisoner escort and custody services operator, Serco, which is reportedly struggling to track the locations of prisoners.

Serco began the six-year, £200 million contract with the UK Ministry of Justice (MoJ) prison systems this past May, making it one of the MoJ’s largest contractors to date, covering five prison facilities and escorting close to 25,000 prisoners per month.

Inmate tracking devices and panic alarms had been disabled for at least three days before some of the drivers were even notified, the Financial Times reported.

Serco prisoner transport vehicle providing Prisoner Escort Services for the UK justice department. London, UK, March 4th, 2024. Image by William Barton | Shutterstock.

Citing a person familiar with the matter, the news outlet reported that in addition to the lack of proper tracking abilities and alarms, the transport vehicles had been sent out “without security for staff,” and that navigation and notifications related to estimated arrival times had also been “unavailable.”

The FT further reported that, to deal with the outage, Serco staff had been given paper maps and instructed to fully charge their mobile phones and to make contact with prison bases every half hour while en route.

Kevin Robertson, COO at Acumen Cyber, said the Microlise attack is a perfect example of a supply chain cyber attack that has once again caused physical consequences.

“It’s unlikely the attackers behind the assault on Microlise understood the impact of the damage they could cause, but that is one of the realities of supply chain attacks in the digital world,” Robertson said.

Robertson pointed out that “while not being able to track deliveries will have an operational impact on some organizations, not being able to track the whereabouts of prisoners could have a physical impact on society."

Meantime, DHL was reportedly having issues with its delivery tracking systems for Nisa stores this past week, reported the industry publication Better Retailing.

Nisa’s 2500 UK small grocery stores have been unable to receive updates on deliveries, Better Retailing said.

In response to the incident, DHL said it has since implemented safeguarding measures for customers to help deal with any disruptions.

Microlise attack unfolds

In a filing with the London Stock Exchange on October 31st, Microlise said it had detected unauthorized activity on its networks disrupting a large portion of its services and rendering them “inactive.”

In an updated notice filed on Tuesday, Microlise said it had made “substantial progress in containing and clearing the threat from its network.”

“The Company has been bringing services back online and currently expects this to continue over the coming days with the services essentially back to normal by the end of next week,” Microlise said.

The global telematics and SaaS transport platform provider further said that “no customer systems data has been compromised,” although it did say limited employee data was accessed, and investigations are ongoing.

RCN London Stock Exchange. Image by Cybernews.

“This is a worrying incident against Microlise which seems to have impacted multiple organizations using their technology, once again demonstrating the volatility of digital supply chains,” said Elaine McKechnie, Head of Cyber Security Consultancy at i-confidential.

“Given threat trend activity and the information available, the incident does bear all the hallmarks of a ransomware attack,” McKechnie said.

McKechnie said it's also interesting that Microlise is not in the spotlight, but mostly the companies who use their technology platform (e.g. DHL and Nisa local), unfortunately "bearing the brunt of the reputational damage."

“This is a timely reminder that the consequences of supply chain attacks can be just as devastating as those targeting an organization’s infrastructure,” McKechnie said, adding that taking steps to improve third-party cyber resiliency is necessary for a robust security strategy.

“Our single, comprehensive platform provides true control and visibility over your operations, all from one trusted supplier," Microlise states about its Software-as-a-service platform.

Microlise, which has over 1000 customers worldwide and over 640,000 subscriptions to its tech management platform, stated it has appointed external cyber security specialists to “establish the nature and extent of the incident.”

Microlise provides technology solutions for 88% of UK grocery retailers, as well as other known brands including Eddie Stobart, JCB, MAN Truck & Bus UK, Hovis, etc., it said.

“Criminals no longer need to target the top of the chain, today they are often setting their sights on ubiquitous, but relatively unknown technology platforms, knowing when they render their services unavailable, chaos soon follows in the wake,” Robertson said.
