Serco, the British multinational known for providing technology services to the military and defense sectors across Europe, has reportedly been the target of a cyber attack. The incident has severely affected the company’s ability to monitor prisoners and track the prison vans used for inmate transportation.
The company is actively working to mitigate the damage and find a solution to recover from the breach, as the incident threatens to damage its reputation significantly. Serco, which holds a contract with the Ministry of Justice to oversee the surveillance of prisoners, is responsible for monitoring and transporting approximately 300,000 individuals annually.
From a technical standpoint, Serco is not directly to blame, as the attack originated from a third-party vendor, Microlise, which was providing software services to Serco. Microlise fell victim to a sophisticated cyber attack, believed to be ransomware, on October 31, 2024. This breach has had ripple effects on other companies, including DHL and NISA, which have also been impacted.
Both the London Stock Exchange and the UK Information Commissioner’s Office (ICO) were notified of the attack earlier this week, and a joint forensic investigation has been launched.
In a statement issued late yesterday, Microlise revealed that the attack also compromised employee data. The cybercriminals are believed to have accessed sensitive information regarding staff members during or prior to the attack.
The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has suggested that the attack may have been carried out by a cybercriminal group with links to Russian intelligence, though this theory remains speculative and lacks concrete evidence.
In the wake of the breach, Serco has disabled the surveillance systems used for monitoring its transport vans. Meanwhile, physical surveillance of the prison facilities has been increased as a precautionary measure.
