Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems.

The threat actor behind this leak (who uses the "GHNA" handle on BreachForums) released 16,549 files allegedly containing Royal Mail customers' personally identifiable information (including names, addresses, planned delivery dates, and more) and other confidential documents. GHNA says the leaked documents also include Mailchimp mailing lists, datasets containing delivery/post office locations, the WordPress SQL database for mail agents.uk, internal Zoom meeting video recordings between Spectos and the Royal Mail Group, and more.

While the British postal service has yet to confirm that its systems were breached, a spokesperson told BleepingComputer that Royal Mail is aware of an incident at Spectos GmbH, a third-party data collection and analytics service provider. "We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail." Spectos also confirmed in a statement shared with BleepingComputer that its systems were breached on March 29, and the attackers gained access to customer data.

While Royal Mail and Spectos have yet to share more information on the breach, cybersecurity company Hudson Rock says the attackers gained access to Royal Mail systems using the credentials of a Spectos employee compromised in a 2021 info stealer malware incident. "In this case, the infected Spectos employee's credentials provided a gateway to Royal Mail Group's systems," Hudson Rock CTO Alon Gal said.

The January 2023 breach forced the company to halt international shipping services due to what it described as a "cyber incident" causing "severe service disruption." Royal Mail restored these services three weeks after the ransomware attack impacted its operations.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 02 Apr 2025 16:35:16 +0000