Related Articles
Exclusive: Royal Mail confirms cyber attack resulting from third-party provider Spectos
The British Royal Mail has confirmed that it is feeling the effect of a cyber attack that resulted from one of its third-party providers.
Responding to Cyber Daily’s request for comment, the Royal Mail Group confirmed that a cyber attack had occurred on the systems of Spectos, a German data collection, analysis and operations firm.
“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail,” a Royal Mail spokesperson told Cyber Daily.
You’re out of free articles for this month
“We are working with the company to investigate the issue and establish what impact, if any, there may be regarding their data.”
The statement follows claims made by a threat actor going by the moniker ‘GHNA’ yesterday that claimed to have exfiltrated 144GB of data belonging to Royal Mail “courtesy” of Spectos.
“In March 2025, Royal Mail Group, an established brand with more than 500 years of history, beginning as a postal service exclusively for the King and his Court, suffered a data breach which exposed PII of customers, confidential documents, internal Zoom meeting video recordings between Spectos and Royal Mail Group,” said the threat actor.
Other data included delivery and post office location datasets, Mailchimp mailing lists, a WordPress SQL database for mailagents.uk “and more”.
The threat actor also posted a sample of the data, which includes alleged names, full home/postal addresses, company names, phone numbers, and even a screenshot of a planning meeting allegedly between the Royal Mail Group and Spectos.
GHNA also suggested that this wasn’t the first time that Royal Mail data had been leaked as a result of Spectos.
While Cyber Daily has not been able to identify a previous breach resulting from Spectos, another threat actor listed the Royal Mail on the same hacking forum in October.
Infamous leaker “888” listed the postal service, saying the company “suffered a small data breach which includes over 100 files with a total of 2,698 rows of data”.
However, they say that the breach did not occur directly through Royal Mail and that they lost access quickly, preventing a full exfiltration of data.
Prior to this in 2023, Royal Mail International suffered a ransomware attack at the hands of the LockBit ransomware group, who confused it with the much larger Royal Mail and demanded a ransom of roughly AU$114.5 million (£65.7 million).
Royal Mail said it would never pay such an “absurd amount of money” and despite negotiations, never paid ransom.
Daniel Croft
Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
Source link
