Tracking systems and panic alarms in prison vans and courier vehicles were disabled after Microlise, a provider of vehicle tracking solutions for fleet operators, fell victim to a cyberattack last week.
UK-based Microlise disclosed the incident on October 31, when it notified the London Stock Exchange that ‘unauthorized activity’ on its network affected a large portion of its services.
The company said it retained external cybersecurity experts to investigate the attack and immediately started work on restoring the affected services.
In a November 6 update, Microlise said it was “making substantial progress in containing and clearing the threat from its network” and that it has been bringing services online, with all of them expected to become operational by the end of next week.
The company said that no customer systems data has been compromised in the attack, but noted that some employee data was impacted.
“Those individuals that may have been impacted will be notified in line with the company’s regulatory obligations and the relevant authorities are being made aware including the Information Commissioner’s Office in the UK,” it said.
Microlise pointed out that the attack would not have a material adverse impact on its financial forecast, but shared no further details on the type of cyberattack it fell victim to, nor on the customers that were affected by its services being disrupted.
One of the impacted fleet operators is UK government contractor Serco, which provides prisoner escort services for the Ministry of Justice, moving more than 300,000 prisoners each year.
“We are aware that one of our subcontractors has been impacted by a cyber incident. We have put in place mitigation plans and we have continued to provide prisoner escorting services uninterrupted for the Ministry of Justice,” a Serco spokesman told SecurityWeek.
Reports show that some Serco crews were transporting prisoners without location tracking and adequate security for staff for several days before the impact from the attack was discovered.
On Monday, the company reportedly notified its staff that location tracking, panic alarms, and in-vehicle navigation services were not available, instructing crews to use paper maps, to contact base every 30 minutes, and to ensure their mobile phones were charged.
Express mail courier DHL is said to have been affected as well, with some of its fleet lacking tracking capabilities.
“DHL Supply Chain UK is aware of a downtime incident impacting a third-party supplier which we use. We can confirm this incident has not affected DHL-owned systems. However, as a precaution we have implemented our appropriate safeguarding measures. We are working to resolve the situation and have implemented contingencies to ensure that service levels are maintained for those customers who may be potentially impacted. The incident has no relation to or impact on any other operations of DHL Group, including DHL Express, DHL eCommerce or DHL Global Forwarding. We are in direct communication with the supplier and will communicate any further updates as necessary,” a DHL spokesperson told SecurityWeek.
SecurityWeek has emailed Microlise for additional information on the cyberattack and its impact and will update this article as soon as a reply arrives.
*Updated with statement from DHL.
Related: Cyberattack Blamed for Statewide Washington Courts Outage
Related: Police Are Probing a Cyberattack on Wi-Fi Networks at UK Train Stations
Related: Elon Musk Says Cyberattack Crashed Site Ahead of Trump Livestream Interview
Related: A Second Major British Police Force Suffers a Cyberattack in Less Than a Month