British Royal Mail - 'Cyber Incident'

Uploaded on 2023-01-13 in NEWS-Cybersecurity News, FREE TO VIEW

The British Royal Mail is unable to send letters or parcels overseas after the postal service suffered a significant cyber attack and has said people should not attempt to send mail abroad due to the cyber incident. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.

Six sites have been affected, including a huge sorting office located next to Heathrow Airport, where most outgoing international mail is checked before leaving the UK.

The company, which is considered part of Britain's critical national infrastructure, is in touch with the police and at least one security service following the attack. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing,” says the Royal Mail’s Service Update.

Royal Mail’s Parcelforce Worldwide brand was still operating to all international destinations, but customers should expect delays the company has said and so far domestic post has not been affected.

The attack was first discovered on 11th January and Royal Mail staff have been trying to understand the effects and the causes. Royal Mail  said its teams were "working around the clock to resolve this disruption". It said it would update customers when it had more information. A Royal Mail spokesman said: "We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue."

A company statement warned customers to expect delays or disruptions to packages already sent and urged others not to attempt to send mail internationally while the problems continued. 

The British National Cyber Security Centre has confirmed it is assisting the company, along with the National Crime Agency. Royal Mail which is part of the International Distribution Services network has also reported the incident to its regulator, Ofcom and security authorities.

Depending upon the severity of the incident, it could take weeks to restore Royal Mail’s systems to trusted operational states.

After a breach, the information cyber attackers gain from having been on the inside of an organisation’s digital infrastructure can leave the victim organisation vulnerable to further breaches in the future. If indeed this was a result of a supply chain vulnerability, it further confirms the cyber security industry’s broader concern around large organisations granting trusted access to third parties who may have vulnerabilities which the primary organisation have not foreseen.

Royal Mail has faced a number of challenges over the past year, including a series of strikes by postal workers as part of a long-running dispute over pay and conditions. The Communication Workers Union, which represents more than 115,000 postal workers at Royal Mail, is planning further industrial action, with a fresh ballot due to open later this month.

The recent strike action at Royal Mail, combined with the Christmas surge, have created ideal conditions for launching cyber attacks on the organisation’s systems. Keiron Holyome, VP UK&I at BlackBerry commented "When resources are tightened, it is absolutely critical that organisations focus efforts on identifying any gaps in their security posture... To enable this, it is important that security teams rely on intelligent systems and processes as reinforcements... Using next generation tools that help automate systems and processes will be critical in the fight against cyber attacks as we do not see the scale and sophistication of attacks abating"

International parcel deliveries account for a relatively small proportion of the company’s business, although their services are relied upon by many UK-based online retailers.

The company delivered 152m international parcels in the year to March 2022, amounting to one-tenth of total parcel volumes, according to the most recent accounts. International parcels earned the company £779m in revenue for the year, although that was a marked decline from the £1bn brought in during 2021.

Royal Mail:    Insurance Times        Telegraph:   BBC:    :    Guardian:     FT:   Belfast Telegraph:  

You Might Also Read: 

Ukrainian Postal Service Hit By Cyber Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« The FBI’s Advice On Ransomware
Dissent Over British  Internet Safety Laws »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

Conceptivity

Conceptivity

Conceptivity provide risk management solutions in the areas of Supply Chain Security, Cyber Security and Critical Infrastructure Protection.

Mission Secure (MSi)

Mission Secure (MSi)

MSi is a specialized provider of next generation cyber defense solutions protecting control systems and critical physical assets in energy, transportation and defense.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

CyberXposure

CyberXposure

CyberXposure has been built by a team comprising of Cyber Security Professionals and SAAS experts in data backup, disaster recovery and cyber-security.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.