There are indications that Royal Mail has suffered a new cyber incident, around two years after it suffered a massive ransomware attack: A hacker called “GHNA” claimed in a darknet forum that he had stolen 144 gigabytes of data from the British postal service.
The message posted March 31 said the stolen data included 16,549 files containing personal information of Royal Mail customers, including names, addresses, scheduled delivery dates and other confidential documents.
Attack possibly via German supplier
The same person recently claimed to have stolen data from Samsung Germany, prompting speculation that the attack method was the same: via the German IT service provider Spectos. Its software is used by numerous companies to monitor the quality of customer service.
According to a report by cybersecurity specialist Hudson Rock, attackers managed to crack the access data of a Spectos employee with an infostealer in 2021.
A Royal Mail spokesperson said: “We are aware of an incident affecting Spectos, a supplier of Royal Mail. We can confirm there has been no compromise of Royal Mail systems and services are continuing as normal. A Spectos investigation is ongoing as well as a review of the data published online. Royal Mail does not send any personal customer or financial data to Spectos.”
Spectos has since also confirmed to BleepingComputer that it had suffered a cyberattack. “We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail. We are working with the company to investigate the issue and establish what impact there may be regarding their data” a Spectos representative told the publication.
