Powered by MOMENTUM MEDIA

Exclusive: Royal Mail confirms cyber attack resulting from third-party provider Spectos

The British Royal Mail has confirmed that it is feeling the effect of a cyber attack that resulted from one of its third-party providers.


Responding to Cyber Daily’s request for comment, the Royal Mail Group confirmed that a cyber attack had occurred on the systems of Spectos, a German data collection, analysis and operations firm.

“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail,” a Royal Mail spokesperson told Cyber Daily.

“We are working with the company to investigate the issue and establish what impact, if any, there may be regarding their data.”

The statement follows claims made yesterday (1 April) by a threat actor going by the moniker “GHNA”, who said they had exfiltrated 144GB of data belonging to Royal Mail “courtesy” of Spectos.

“In March 2025, Royal Mail Group, an established brand with more than 500 years of history, beginning as a postal service exclusively for the King and his Court, suffered a data breach which exposed PII of customers, confidential documents, internal Zoom meeting video recordings between Spectos and Royal Mail Group,” said the threat actor.

Other data included delivery and post office location datasets, Mailchimp mailing lists, a WordPress SQL database for mailagents.uk “and more”.

The threat actor also posted a sample of the data, which includes alleged names, full home/postal addresses, company names, phone numbers, and even a screenshot of a planning meeting allegedly between the Royal Mail Group and Spectos.

GHNA also suggested that this wasn’t the first time that Royal Mail data had been leaked as a result of Spectos.

While Cyber Daily has not been able to identify a previous breach resulting from Spectos, another threat actor listed the Royal Mail on the same hacking forum in October.

Infamous leaker “888” listed the postal service, saying the company “suffered a small data breach which includes over 100 files with a total of 2,698 rows of data”.

However, they say that the breach did not occur directly through Royal Mail and that they lost access quickly, preventing a full exfiltration of data.

Prior to this, in 2023, Royal Mail International suffered a ransomware attack at the hands of the LockBit ransomware group, who confused it with the much larger Royal Mail and demanded a ransom of roughly AU$114.5 million (£65.7 million).

Royal Mail said it would never pay such an “absurd amount of money” and, despite negotiations, never paid the ransom.


Update - 03/04/2025: Spectos also confirmed the attack with Cyber Daily, adding that an investigation is underway.

"Spectos GmbH has been the target of an ongoing cyber attack since March 29, 2025. According to the current status, unauthorized access to systems and personal customer data has occurred," Spectos wrote.

"The exact scope of the incident is currently the subject of intensive forensic investigations.

"The attack is ongoing; our systems are being continuously monitored and secured.

"The origin of the attack is currently being analyzed together with external cyber security experts.

"Contrary to media reports to the contrary, there are no indications of an internal attack or the use of leaked access data.

"All legal and technical steps to minimize risk are being taken at full speed, and the ISO 27001-certified systems are being permanently monitored and increasingly protected. We take this incident very seriously and are doing everything we can to avert damage, clarify the causes and harden our systems in the long term. Spectos GmbH will provide regular and transparent updates on the progress."

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.