The Royal Mail is investigating a potential security breach after a threat actor allegedly leaked over 144 GB of data, reportedly stolen from the British postal service’s systems. While the Royal Mail has yet to say its infrastructure was directly compromised, the company acknowledged the breach originated from a third-party supplier, Spectos GmbH.
The first indications of a breach surfaced when a user by the handle "GHNA" posted on BreachForums. This threat actor claimed to have accessed and leaked a massive trove of data related to Royal Mail. According to the threat actor, the breach spans 16,549 files—amounting to 144 GB of data, including:
Personally identifiable information (PII) of Royal Mail customers (e.g., names, addresses, and planned delivery dates)
In a statement to BleepingComputer, Royal Mail said:
“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail. We are working with the company to investigate the issue and establish what impact there may be regarding their data. We can confirm there has been no impact on Royal Mail operations and services continue to function as normal."
Spectos, a data collection and analytics service provider, confirmed it was the target of a cyberattack over the weekend, resulting in unauthorized access.
“Spectos GmbH has been the target of an ongoing cyber attack since March 29, 2025. According to the current status, unauthorized access to systems and personal customer data has occurred. The exact scope of the incident is currently the subject of intensive forensic investigations,” the company explained.
While Spectos didn’t disclose the full extent of the compromised data, it did acknowledge that attackers gained access to personal information stored on its systems and that an active forensic investigation is underway.
If the alleged exposed data, such as names, delivery addresses, and other shipment-related details, may have been exposed, customers could be at risk of phishing attacks, identity theft, and other fraudulent schemes.
Proactive measures users can take to stay safe:
Pro tip:
Use identity protection services: Digital Identity Protection from Bitdefender can help you monitor your online footprint, providing real-time alerts if your personal information surfaces on the dark web or in compromised databases. Our service offers proactive monitoring that helps you detect unusual activity early on, reducing the likelihood and impact of identity theft.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsMarch 12, 2025
February 20, 2025
February 11, 2025
December 24, 2024