British Royal Mail - 'Cyber Incident'

The British Royal Mail is unable to send letters or parcels overseas after the postal service suffered a significant cyber attack and has said people should not attempt to send mail abroad due to the cyber incident. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.

Six sites have been affected, including a huge sorting office located next to Heathrow Airport, where most outgoing international mail is checked before leaving the UK.

The company, which is considered part of Britain's critical national infrastructure, is in touch with the police and at least one security service following the attack. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing,” says the Royal Mail’s Service Update.

Royal Mail’s Parcelforce Worldwide brand was still operating to all international destinations, but customers should expect delays the company has said and so far domestic post has not been affected.

The attack was first discovered on 11th January and Royal Mail staff have been trying to understand the effects and the causes. Royal Mail  said its teams were "working around the clock to resolve this disruption". It said it would update customers when it had more information. A Royal Mail spokesman said: "We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue."

A company statement warned customers to expect delays or disruptions to packages already sent and urged others not to attempt to send mail internationally while the problems continued. 

The British National Cyber Security Centre has confirmed it is assisting the company, along with the National Crime Agency. Royal Mail which is part of the International Distribution Services network has also reported the incident to its regulator, Ofcom and security authorities.

Depending upon the severity of the incident, it could take weeks to restore Royal Mail’s systems to trusted operational states.

After a breach, the information cyber attackers gain from having been on the inside of an organisation’s digital infrastructure can leave the victim organisation vulnerable to further breaches in the future. If indeed this was a result of a supply chain vulnerability, it further confirms the cyber security industry’s broader concern around large organisations granting trusted access to third parties who may have vulnerabilities which the primary organisation have not foreseen.

Royal Mail has faced a number of challenges over the past year, including a series of strikes by postal workers as part of a long-running dispute over pay and conditions. The Communication Workers Union, which represents more than 115,000 postal workers at Royal Mail, is planning further industrial action, with a fresh ballot due to open later this month.

The recent strike action at Royal Mail, combined with the Christmas surge, have created ideal conditions for launching cyber attacks on the organisation’s systems. Keiron Holyome, VP UK&I at BlackBerry commented "When resources are tightened, it is absolutely critical that organisations focus efforts on identifying any gaps in their security posture... To enable this, it is important that security teams rely on intelligent systems and processes as reinforcements... Using next generation tools that help automate systems and processes will be critical in the fight against cyber attacks as we do not see the scale and sophistication of attacks abating"

International parcel deliveries account for a relatively small proportion of the company’s business, although their services are relied upon by many UK-based online retailers.

The company delivered 152m international parcels in the year to March 2022, amounting to one-tenth of total parcel volumes, according to the most recent accounts. International parcels earned the company £779m in revenue for the year, although that was a marked decline from the £1bn brought in during 2021.

Royal Mail:    Insurance Times        Telegraph:   BBC:    :    Guardian:     FT:   Belfast Telegraph:  

You Might Also Read: 

Ukrainian Postal Service Hit By Cyber Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


« The FBI’s Advice On Ransomware
Dissent Over British  Internet Safety Laws »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

Carson & SAINT

Carson & SAINT

Carson & SAINT is an award-winning consulting firm with deep experience in cybersecurity technology, software, and management consulting.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

Bitbone

Bitbone

Bitbone develop IT infrastructure and IT security solutions that create long-term value.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

CCX Technologies

CCX Technologies

CCX Technologies design and develop a wide range of cybersecurity and testing solutions for the aviation, and military and government markets.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Logiq Consulting

Logiq Consulting

Logiq Consulting provide a full range of Cyber Security, Information Assurance and System Engineering services.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.