Royal Mail cyber incident prevents posting abroad


Royal Mail has asked people to stop sending mail abroad due to a “cyber incident” causing severe disruption.

It said it was temporarily unable to send letters and parcels overseas, and was “working hard” to resolve the issue. There are also minor delays to post coming into the UK, but domestic deliveries are unaffected.

The incident has been reported to the UK’s cyber intelligence agency and police who deal with serious crime.

Royal Mail apologised and said its teams were “working around the clock to resolve this disruption”. It said it would update customers when it had more information.

Says Richard Staynings, Chief Security Strategist at Cylera, which helps to cybersecure much of the NHS:

“Critical industries seem to be constantly attacked and damaged, suggesting that the UK government is not taking cybersecurity seriously enough.

“The Royal Mail, along with healthcare, education, government, electricity, and a number of other industries are all considered critical to the UK economy. When a critical infrastructure industry is disrupted or attacked, its impact travels far, affecting many other businesses and individuals.

“For this reason, these industries are supposed to be afforded extra levels of protection by the government, and when attacked consequently attract the immediate attention of the National Crime Agency and the National Cyber Security Centre.”

Adds David Trump, Cyber Security Solutions Director at BOM IT Solutions:

“Royal Mail cyber teams will have pre-defined and pre-rehearsed playbooks for this type of event. It is reported that they are already engaged with an external Incident Response team. These Incident Response teams will now be gathering as much information on the assailants, such as who are they, how did they get in, what systems and tools are compromised, if and what has been exfiltrated, if and what are their demands and how to remove the threat with limited business interruption.

“Threat actors have varying motivations to attack an organisation. Whether it be to harvest and sell customer information, staff credentials or session cookies on the dark web or other credential bidding sites. Or they could apply a ransom for encrypted data.”

Chris Price