British Royal Mail - 'Cyber Incident'

Uploaded on 2023-01-13 in NEWS-Cybersecurity News, FREE TO VIEW

The British Royal Mail is unable to send letters or parcels overseas after the postal service suffered a significant cyber attack and has said people should not attempt to send mail abroad due to the cyber incident. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.

Six sites have been affected, including a huge sorting office located next to Heathrow Airport, where most outgoing international mail is checked before leaving the UK.

The company, which is considered part of Britain's critical national infrastructure, is in touch with the police and at least one security service following the attack. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing,” says the Royal Mail’s Service Update.

Royal Mail’s Parcelforce Worldwide brand was still operating to all international destinations, but customers should expect delays the company has said and so far domestic post has not been affected.

The attack was first discovered on 11th January and Royal Mail staff have been trying to understand the effects and the causes. Royal Mail  said its teams were "working around the clock to resolve this disruption". It said it would update customers when it had more information. A Royal Mail spokesman said: "We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue."

A company statement warned customers to expect delays or disruptions to packages already sent and urged others not to attempt to send mail internationally while the problems continued. 

The British National Cyber Security Centre has confirmed it is assisting the company, along with the National Crime Agency. Royal Mail which is part of the International Distribution Services network has also reported the incident to its regulator, Ofcom and security authorities.

Depending upon the severity of the incident, it could take weeks to restore Royal Mail’s systems to trusted operational states.

After a breach, the information cyber attackers gain from having been on the inside of an organisation’s digital infrastructure can leave the victim organisation vulnerable to further breaches in the future. If indeed this was a result of a supply chain vulnerability, it further confirms the cyber security industry’s broader concern around large organisations granting trusted access to third parties who may have vulnerabilities which the primary organisation have not foreseen.

Royal Mail has faced a number of challenges over the past year, including a series of strikes by postal workers as part of a long-running dispute over pay and conditions. The Communication Workers Union, which represents more than 115,000 postal workers at Royal Mail, is planning further industrial action, with a fresh ballot due to open later this month.

The recent strike action at Royal Mail, combined with the Christmas surge, have created ideal conditions for launching cyber attacks on the organisation’s systems. Keiron Holyome, VP UK&I at BlackBerry commented "When resources are tightened, it is absolutely critical that organisations focus efforts on identifying any gaps in their security posture... To enable this, it is important that security teams rely on intelligent systems and processes as reinforcements... Using next generation tools that help automate systems and processes will be critical in the fight against cyber attacks as we do not see the scale and sophistication of attacks abating"

International parcel deliveries account for a relatively small proportion of the company’s business, although their services are relied upon by many UK-based online retailers.

The company delivered 152m international parcels in the year to March 2022, amounting to one-tenth of total parcel volumes, according to the most recent accounts. International parcels earned the company £779m in revenue for the year, although that was a marked decline from the £1bn brought in during 2021.

Royal Mail:    Insurance Times        Telegraph:   BBC:    :    Guardian:     FT:   Belfast Telegraph:  

You Might Also Read: 

Ukrainian Postal Service Hit By Cyber Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« The FBI’s Advice On Ransomware
Dissent Over British  Internet Safety Laws »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Mobilicom

Mobilicom

Mobilicom is an end-to-end provider of cybersecurity and smart solutions for drones, robotics & autonomous platforms.

Netsurit

Netsurit

Managed IT, Cloud, and Security Services. Netsurit is Your IT Innovation and Digital Transformation Accelerator.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.

Virtual Cyber Labs

Virtual Cyber Labs

Virtual Cyber Labs is a 21st generation Cybersecurity Edu-Tech company that offers an all-in-one hub including custom syllabus and labs.