
Royal Mail investigates data leak claims, no impact on operations

Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company’s systems.

While the British postal service has yet to confirm that its systems were breached, a spokesperson told BleepingComputer that Royal Mail is aware of an incident at Spectos GmbH, a third-party data collection and analytics service provider.

“We’re aware of an incident which is alleged to have affected Spectos, a provider of Royal Mail. We’re working with the company to investigate the issue and establish what impact there may be regarding their data,” BleepingComputer was told. “We are able to confirm there was no impact on Royal Mail operations and services continue to operate as normal.”

Spectos also confirmed in a statement shared with BleepingComputer that its systems were breached on March 29, and the attackers gained access to customer data.

“Spectos GmbH has been the target of an ongoing cyber attack since March 29, 2025. According to the current status, unauthorized access to systems and personal customer data has occurred. The exact scope of the incident is currently the subject of intensive forensic investigations,” a spokesperson told BleepingComputer.


The threat actor behind this leak (who uses the “GHNA” handle on BreachForums) released 16,549 files allegedly containing Royal Mail customers’ personally identifiable information (including names, addresses, planned delivery dates, and more) and other confidential documents.

GHNA says the leaked documents also include Mailchimp mailing lists, datasets containing delivery/post office locations, the WordPress SQL database for mail brokers.uk, internal Zoom meeting video recordings between Spectos and the Royal Mail Group, and more.

Royal Mail leak on BreachForums (BleepingComputer)

Breached using stolen credentials

While Royal Mail and Spectos have yet to share more information on the breach, cybersecurity company Hudson Rock says the attackers gained access to Royal Mail systems using the credentials of a Spectos employee compromised in a 2021 infostealer malware incident.

“In this case, the infected Spectos employee’s credentials provided a gateway to Royal Mail Group’s systems,” Hudson Rock CTO Alon Gal said. “The stolen data sat dormant until recently, when it was weaponized in these high-profile leaks.”

Stolen Spectos credentials (Hudson Rock)

This is not the first time Royal Mail has dealt with a security breach since it was founded over 500 years ago. The British postal service was also breached two years ago in a cyberattack claimed by the notorious LockBit ransomware operation.


The January 2023 breach forced the company to halt international shipping services due to what it described as a “cyber incident” causing “extreme service disruption.” Royal Mail restored these services three weeks after the ransomware attack impacted its operations.

Another outage hit Royal Mail in November 2022, which took down tracking services for more than 24 hours.
