Microlise, a Nottingham-based software company, confirmed on Monday that hackers compromised corporate data from its headquarters during a cyberattack three weeks ago. The attack disrupted services for some of Microlise’s customers, including British prison vans and the London Stock Exchange. However, the company assured that “the vast majority of customer systems are back online, with some remaining customers conducting their own security verifications before enabling users.” Microlise emphasized that no customer systems data was compromised in the incident.
The company has notified international authorities about the exfiltration of corporate data from its headquarters and is working with law enforcement on the investigation. Microlise previously informed the stock exchange that some limited employee data was affected by the breach. Microlise employs 463 people at its Nottingham headquarters and 287 staff members across offices in France, Australia, and India.
The company did not disclose the number of individuals impacted by the data breach.
Microlise cybersecurity breach investigation underway
Despite the incident, Microlise’s board does not expect any material adverse impact on its trading forecasts and financial position for this financial year.
As of the publication, the company’s shares were up 2.38%. The Ministry of Justice declined to comment on the reported disruption to prison van tracking, although officials indicated that the incident had no operational impact on prisoner escort services. This supply-chain incident highlights the risks that attacks on third-party suppliers can pose, although there is no indication that the attackers were aware of the connection between Microlise and Serco, the prisoner transportation company.
The British government is currently testing measures to secure supply chains through its Cyber Essentials certification scheme. Initially, the country’s largest banks will introduce security standards into their supplier requirements. Other critical infrastructure operators and public sector contractors may also be required to implement similar supplier requirements under the government’s upcoming legislation, which is expected to be introduced to parliament next year.
