Cyberattackers stole Microlise staff data following DHL, Serco disruption

Experts say incident has 'all the hallmarks of ransomware'


Telematics tech biz Microlise says an attack that hit its network likely did not expose customer data, although staff aren't so lucky.

"Some limited employee data" was compromised in the incident, Microlise told the London Stock Exchange today, without going into any great detail about the nature of the data or how many staff members were affected.

Microlise initially disclosed the break-in on October 31, after which time the AIM-listed company's share price dropped 16 percent and has still not fully recovered.

The latest update stated that Microlise expects a full return to service by the end of the week. Work to understand the full extent of the attack, which hasn't been attributed to or claimed by any specific cybercrime group, is ongoing.

"The Company is pleased to say that it is making substantial progress in containing and clearing the threat from its network," it said in the update.

"The Company has been bringing services back online and currently expects this to continue over the coming days with the services essentially back to normal by the end of next week.

"Investigations into the incident are continuing, however, the Company is confident that no customer systems data has been compromised. The investigations to date have identified that some limited employee data has been impacted by the incident. Those individuals that may have been impacted will be notified in line with the Company's regulatory obligations and the relevant authorities are being made aware including the Information Commissioner's Office in the UK."

Microlise told The Register earlier this week that it was working closely with third-party cybersecurity experts to investigate the crime and was fully focused on minimizing disruption for customers.

"The safety and security of customer data and business operations is always our top priority, and we are taking this matter very seriously. We'd like to thank our customers for their patience and understanding during this time."

However, despite efforts to minimize disruption, major customers of Microlise confirmed they were affected to some degree.

Delivery giant DHL, for example, told Better Retailing on the day of Microlise's initial disclosure last week that its delivery tracking capability was unavailable, affecting Nisa Group stores.

The Financial Times reported this week that British security company Serco, which has myriad public sector contracts, was also hit.

Serco said that panic alarms and tracking systems fitted to prisoner transport vans - as part of its contract with the Ministry of Justice - were disabled for a short time, but its services weren't interrupted.

Drivers were also reportedly unaware of the issues for three days, using the vans without tracking capabilities regardless.

The Register contacted a large number of Microlise's other customers but none responded to requests regarding their exposure to the incident other than Tesco, which said it wasn't prepared to comment on the matter.

"This is a worrying incident against Microlise, which is not only impacting logistics firms but also one of the biggest contractors to the Ministry of Justice," said Elaine McKechnie, head of cybersecurity consultancy i-confidential.

"The company has not revealed what type of attack it is suffering from, but given threat trend activity and the information available, the incident bears all the hallmarks of ransomware.

"This is a timely reminder that the consequences of supply chain attacks can be just as devastating as those targeting an organization's own infrastructure, so they must take steps to improve third-party resilience as part of their cybersecurity strategies." ®
