Royal Mail experiences cyber incident

Royal Mail experiences cyber incident

The Royal Mail is experiencing severe service disruption to its international export services following a cyber incident.  

The organisation released a statement about the issue: ‘We are temporarily unable to despatch export items including letters and parcels to overseas destinations. We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue. Some customers may experience delay or disruption to items already shipped for export. Our import operations continue to perform a full service with some minor delays’.

The statement continued: ‘Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information. We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.

‘We would like to sincerely apologise to impacted customers for any disruption this incident may be causing.’

IT industry experts have been quick to comment on the news.

Anthony Davis, former Head of Information Security at Royal Mail until 2009, said: “I have a good idea which systems at Royal Mail could be affected. But it’s early days so far and the incident response will likely take some time. Let’s see what the investigation discovers and, if it was in fact a cyberattack, who was responsible. The National Cyber Security Centre is pretty good about attributing attacks to perpetrators, eventually.”

Camellia Chan, CEO and Founder at X-PHY, a Flexxon brand, said: “The Royal Mail has confirmed it recently suffered a cyber incident which will affect export shipments from the UK alongside other delays. For a company which processes around 200,000 parcels for international shipment each day, this incident demonstrates the immeasurable consequences of a system fault or concerted cyberattack from malicious actors.

“While we are uncertain at this point about the cause of the incident, a crucial lesson is that organisations of all sizes are prone to unexpected cybersecurity shocks. It is a timely event which should lead to a change in attitudes on the part of individuals and businesses about the impact of inadequate cybersecurity standards. Businesses with complex supply chains – like Uber that [recently] suffered a data breach – are most at risk due to the availability of multiple points of weakness. In the case of The Royal Mail, it will have a significant impact on the millions of international customers who regularly depend on its services.”

Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio, said: “The attack on Royal Mail reinforces why cyberattacks are no longer just a security problem. Attacks are now geared around causing maximum disruption – in this case Royal Mail’s ability to export mail overseas.

“Once an attacker gains access to an organisation, we know they quickly infect as many machines as possible via open and unprotected ports and protocols. Unfortunately, detecting an attack at this point is too late, which is why it is pivotal to put in proactive protection before an incident occurs.

“By adopting a Zero Trust approach and only allowing known and verified communications between environments, businesses can mitigate the impact of any breach and stop cyberattacks from impacting critical systems and operations.”

Browse our latest issue

Intelligent CISO

View Magazine Archive