British Royal Mail - 'Cyber Incident'

Uploaded on 2023-01-13 in NEWS-Cybersecurity News, FREE TO VIEW

The British Royal Mail is unable to send letters or parcels overseas after the postal service suffered a significant cyber attack and has said people should not attempt to send mail abroad due to the cyber incident. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.

Six sites have been affected, including a huge sorting office located next to Heathrow Airport, where most outgoing international mail is checked before leaving the UK.

The company, which is considered part of Britain's critical national infrastructure, is in touch with the police and at least one security service following the attack. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing,” says the Royal Mail’s Service Update.

Royal Mail’s Parcelforce Worldwide brand was still operating to all international destinations, but customers should expect delays the company has said and so far domestic post has not been affected.

The attack was first discovered on 11th January and Royal Mail staff have been trying to understand the effects and the causes. Royal Mail  said its teams were "working around the clock to resolve this disruption". It said it would update customers when it had more information. A Royal Mail spokesman said: "We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue."

A company statement warned customers to expect delays or disruptions to packages already sent and urged others not to attempt to send mail internationally while the problems continued. 

The British National Cyber Security Centre has confirmed it is assisting the company, along with the National Crime Agency. Royal Mail which is part of the International Distribution Services network has also reported the incident to its regulator, Ofcom and security authorities.

Depending upon the severity of the incident, it could take weeks to restore Royal Mail’s systems to trusted operational states.

After a breach, the information cyber attackers gain from having been on the inside of an organisation’s digital infrastructure can leave the victim organisation vulnerable to further breaches in the future. If indeed this was a result of a supply chain vulnerability, it further confirms the cyber security industry’s broader concern around large organisations granting trusted access to third parties who may have vulnerabilities which the primary organisation have not foreseen.

Royal Mail has faced a number of challenges over the past year, including a series of strikes by postal workers as part of a long-running dispute over pay and conditions. The Communication Workers Union, which represents more than 115,000 postal workers at Royal Mail, is planning further industrial action, with a fresh ballot due to open later this month.

The recent strike action at Royal Mail, combined with the Christmas surge, have created ideal conditions for launching cyber attacks on the organisation’s systems. Keiron Holyome, VP UK&I at BlackBerry commented "When resources are tightened, it is absolutely critical that organisations focus efforts on identifying any gaps in their security posture... To enable this, it is important that security teams rely on intelligent systems and processes as reinforcements... Using next generation tools that help automate systems and processes will be critical in the fight against cyber attacks as we do not see the scale and sophistication of attacks abating"

International parcel deliveries account for a relatively small proportion of the company’s business, although their services are relied upon by many UK-based online retailers.

The company delivered 152m international parcels in the year to March 2022, amounting to one-tenth of total parcel volumes, according to the most recent accounts. International parcels earned the company £779m in revenue for the year, although that was a marked decline from the £1bn brought in during 2021.

Royal Mail:    Insurance Times        Telegraph:   BBC:    :    Guardian:     FT:   Belfast Telegraph:  

You Might Also Read: 

Ukrainian Postal Service Hit By Cyber Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« The FBI’s Advice On Ransomware
Dissent Over British  Internet Safety Laws »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Templar Executives

Templar Executives

Templar Executives is a leading, expert and dynamic Cyber Security company trusted by Governments and multi-national organisations to deliver business transformation.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

National Cybersecurity Student Association (NCSA) - USA

National Cybersecurity Student Association (NCSA) - USA

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.