British Royal Mail - 'Cyber Incident'

Uploaded on 2023-01-13 in NEWS-Cybersecurity News, FREE TO VIEW

The British Royal Mail is unable to send letters or parcels overseas after the postal service suffered a significant cyber attack and has said people should not attempt to send mail abroad due to the cyber incident. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.

Six sites have been affected, including a huge sorting office located next to Heathrow Airport, where most outgoing international mail is checked before leaving the UK.

The company, which is considered part of Britain's critical national infrastructure, is in touch with the police and at least one security service following the attack. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing,” says the Royal Mail’s Service Update.

Royal Mail’s Parcelforce Worldwide brand was still operating to all international destinations, but customers should expect delays the company has said and so far domestic post has not been affected.

The attack was first discovered on 11th January and Royal Mail staff have been trying to understand the effects and the causes. Royal Mail  said its teams were "working around the clock to resolve this disruption". It said it would update customers when it had more information. A Royal Mail spokesman said: "We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue."

A company statement warned customers to expect delays or disruptions to packages already sent and urged others not to attempt to send mail internationally while the problems continued. 

The British National Cyber Security Centre has confirmed it is assisting the company, along with the National Crime Agency. Royal Mail which is part of the International Distribution Services network has also reported the incident to its regulator, Ofcom and security authorities.

Depending upon the severity of the incident, it could take weeks to restore Royal Mail’s systems to trusted operational states.

After a breach, the information cyber attackers gain from having been on the inside of an organisation’s digital infrastructure can leave the victim organisation vulnerable to further breaches in the future. If indeed this was a result of a supply chain vulnerability, it further confirms the cyber security industry’s broader concern around large organisations granting trusted access to third parties who may have vulnerabilities which the primary organisation have not foreseen.

Royal Mail has faced a number of challenges over the past year, including a series of strikes by postal workers as part of a long-running dispute over pay and conditions. The Communication Workers Union, which represents more than 115,000 postal workers at Royal Mail, is planning further industrial action, with a fresh ballot due to open later this month.

The recent strike action at Royal Mail, combined with the Christmas surge, have created ideal conditions for launching cyber attacks on the organisation’s systems. Keiron Holyome, VP UK&I at BlackBerry commented "When resources are tightened, it is absolutely critical that organisations focus efforts on identifying any gaps in their security posture... To enable this, it is important that security teams rely on intelligent systems and processes as reinforcements... Using next generation tools that help automate systems and processes will be critical in the fight against cyber attacks as we do not see the scale and sophistication of attacks abating"

International parcel deliveries account for a relatively small proportion of the company’s business, although their services are relied upon by many UK-based online retailers.

The company delivered 152m international parcels in the year to March 2022, amounting to one-tenth of total parcel volumes, according to the most recent accounts. International parcels earned the company £779m in revenue for the year, although that was a marked decline from the £1bn brought in during 2021.

Royal Mail:    Insurance Times        Telegraph:   BBC:    :    Guardian:     FT:   Belfast Telegraph:  

You Might Also Read: 

Ukrainian Postal Service Hit By Cyber Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« The FBI’s Advice On Ransomware
Dissent Over British  Internet Safety Laws »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

Thinklogical

Thinklogical

Thinklogical manufactures secure, KVM, video, audio, and computer peripheral signal switching solutions for defence C4ISR applications.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

Albania Lab

Albania Lab

Albania Lab is a consulting company focused on the development and delivery of digital solutions and IT services including cybersecurity.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

CallCabinet

CallCabinet

CallCabinet is the premier cross-platform SaaS provider for end-to-end compliant call recording, AI-driven conversation analytics, call QA, and custom business intelligence reporting.