Microlise

History

2024: Hackers disable tracking system and panic buttons in UK AutoButtons

In early November 2024, a cyber attack on Microlise left British prison vans without tracking and alarm systems, although it is assumed that the criminals did not try to take advantage of the situation.

Among Microlise's clients was outsourced company Serco, which provides IT systems for the Justice Department's prisoner escort services. Serco employees were informed that "vehicle tracking, alarms, navigation and notifications related to the estimated arrival time" had been disabled due to a cyber attack on Microlise. Later it turned out that the attackers not only turned off the tracking systems and alarm buttons of the paddy wagon, but could also gain access to employee data, although the company said that "client system data was not compromised." Microlise also added that it "intends to resume services in the coming days."

𝓲

Philafrenzy через Wikimedia Commons / CC BY-SA 4.0

The Justice Department declined to comment. It is assumed that the incident did not have a significant impact on the British prisoner escort service, but the incident once again demonstrated the risks of cyber attacks on third-party service providers. However, there is no reason to believe that the attackers were aware of the connection between Microlise and Serco, which transports prisoners.

The British government is already testing a pilot project to protect such transportation through the Cyber Essentials certification scheme, which would require the country's biggest banks to include new safety standards in service provider requirements. Other critical infrastructure operators and public sector contractors subject to the new cybersecurity bill will also be affected later.^[1]

Notes