{"id":2630,"date":"2025-04-04T14:27:19","date_gmt":"2025-04-04T14:27:19","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2630"},"modified":"2025-04-04T14:27:19","modified_gmt":"2025-04-04T14:27:19","slug":"royal-mail-investigates-data-leak","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2630","title":{"rendered":"Royal Mail investigates data leak"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>There are indications that Royal Mail has suffered a new cyber incident, around two years after it suffered a <a href=\"https:\/\/www.computerwoche.de\/article\/2820918\/wie-die-royal-mail-mit-cybererpressern-verhandelte.html\">massive ransomware attack<\/a>: A hacker called \u201cGHNA\u201d claimed in a darknet forum that he had stolen 144 gigabytes of data from the British postal service.<\/p>\n<p>The message posted March 31 said the stolen data included 16,549 files containing personal information of Royal Mail customers, including names, addresses, scheduled delivery dates and other confidential documents.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Attack possibly via German supplier<\/strong><\/h2>\n<p>The same person recently claimed to have <a href=\"https:\/\/www.csoonline.com\/article\/3952979\/hacker-steals-customer-data-from-samsung-germany.html\">stolen data from Samsung Germany<\/a>, prompting speculation that the attack method was the same: via the German IT service provider Spectos. Its software is used by numerous companies to monitor the quality of customer service. <\/p>\n<p>According to a report by cybersecurity specialist <a href=\"https:\/\/www.infostealers.com\/article\/samsung-tickets-data-leak-infostealers-strike-again-in-massive-free-dump\/\">Hudson Rock<\/a>, attackers managed to crack the access data of a Spectos employee with an infostealer in 2021.<\/p>\n<p>A Royal Mail spokesperson said: \u201cWe are aware of an incident affecting Spectos, a supplier of Royal Mail. We can confirm there has been no compromise of Royal Mail systems and services are continuing as normal. A Spectos investigation is ongoing as well as a review of the data published online. Royal Mail does not send any personal customer or financial data to Spectos.\u201d<\/p>\n<p>Spectos has since also confirmed to BleepingComputer that it had suffered a cyberattack. \u201cWe are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail. We are working with the company to investigate the issue and establish what impact there may be regarding their data\u201d a Spectos representative told the publication.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>There are indications that Royal Mail has suffered a new cyber incident, around two years after it suffered a massive ransomware attack: A hacker called \u201cGHNA\u201d claimed in a darknet forum that he had stolen 144 gigabytes of data from the British postal service. The message posted March 31 said the stolen data included 16,549 [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2631,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2630","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2630"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2630"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2630\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2631"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}