Royal Mail Issues a Major Disruption Warning Following a “Cyber Incident”

Royal Mail suffered a “cyber incident” that severely disrupted international export services, forcing the company to stop accepting new global shipments temporarily. However, domestic parcel delivery services were unaffected by the incident attributed to the Russian-linked ransomware group LockBit.

British media outlets said the ransomware group left a ransom note demanding payment and threatening to publish the stolen data if the company failed to comply.

The Telegraph reported that Royal Mail printers at a Belfast, Northern Ireland, distribution center started churning out ransom notes after hackers hijacked the systems.

Cyber incident halts Royal Mail’s international shipments

Royal Mail has asked customers to stop submitting new parcels for international delivery until the incident is resolved, to avoid creating a backlog. More than half a million items currently await shipment following the LockBit ransomware incident. The London, England-based courier also warned that “some customers may experience delay or disruption to items already shipped for export.”

However, parcel delivery throughout the United Kingdom continued to operate with limited delays.

“Our import operations continue to perform a full service with some minor delays,” Royal Mail said.

Similarly, the cyber incident did not affect Parcelforce Worldwide, which is owned by Royal Mail and delivers globally via partner networks.

“While the specifics of this particular cyber incident are not yet clear, it is another timely reminder of the significant impact cyber incidents can have on businesses and services within Britain,” said Oz Alashe MBE, CEO at CybSafe. “General cyber hygiene, from vulnerability assessments and network segmentation to backing up data and carrying out regular patching, is instrumental in preventing such incidents.”

While international exports account for a small portion of the company’s business, many UK online businesses depend on the service to deliver products to various destinations worldwide.

The company posts over 400,000 international parcels daily to more than 230 countries and territories worldwide. In 2022, Royal Mail sent over 150 million packages across the globe.

The same year, Royal Mail earned £779 million ($949m) in revenue from international exports, marking a significant decline from the £1 billion ($1.2b) it earned in 2021.

“Businesses with complex supply chains – like Uber that last month suffered a data breach – are most at risk due to the availability of multiple points of weakness,” said Camellia Chan, CEO and Founder at X-PHY. “In the case of The Royal Mail, it will have a significant impact on the millions of international customers who regularly depend on their services.”

Investigations of cyber incident ongoing

Meanwhile, Royal Mail reported the cyber incident to law enforcement authorities and industry regulators, launched an investigation, and began working with external experts to resolve the issue.

The National Cyber Security Centre also confirmed it was “aware of an incident affecting Royal Mail Group.” The agency said it was working with the company and the National Crime Agency to fully understand the impact.

Similarly, the United Kingdom’s Information Commissioner’s Office (ICO) said it would start an inquiry into the cyber incident.

“This is yet another example of how ‘cyber incidents’ like ransomware attacks have real world impacts on innocent people and should be considered national security threats in addition to being cybercrimes,” said Adam Flatley, VP of intelligence at Redacted and a former Director of Operations at the NSA. “Mail services are vital for so many government and private industries that provide critical services (e.g., mailing medicine). A wide disruption could have catastrophic economic and human consequences.”

The cyber incident coincided with the postal workers’ strike precipitated by disputes over working conditions and pay. The Communication Workers Union (CWU) members plan to vote on January 23, 2023, on extending the industrial action. So far, no connection has been made between the cyber incident and the ongoing strikes.

Interestingly, the postal workers’ strike coincided with the holiday season, creating a perfect opportunity for hackers to install ransomware and exfiltrate data.

The company has experienced similar cyber incidents in the past few months before the holiday season and workers’ strikes. In November 2022, the courier service experienced a cyber incident that disrupted the Track & Trace tracking service for more than 24 hours, causing widespread confusion. Additionally, the courier’s Click & Drop website experienced payment problems, days after leaking customer data.

The British government considers Royal Mail a critical national infrastructure organization within the communication sub-sector.