Hacker claims they stole over 140GB worth of Royal Mail data
A threat actor has claimed that they breached the internal network of British postal service Royal Mail and stole more than 140 gigabytes of confidential data.
The threat actor, using the moniker “GHNA,” said that they infiltrated the internal network of Royal Mail Group and exfiltrated 16,549 files totalling a whopping 144 gigabytes of data.
According to the threat actor’s dark web post, the breach occurred due to a cyber attack on Spectos, a German data collection, analysis and operations firm that provides certain services to Royal Mail.
“In March 2025, Royal Mail Group, an established brand with more than 500 years of history, beginning as a postal service exclusively for the King and his Court, suffered a data breach which exposed PII of customers, confidential documents, internal Zoom meeting video recordings between Spectos and Royal Mail Group,” reads the post.
“GHNA” added that the compromised data included “delivery/post office locations along with other data, Wordpress SQL database for malsgents.uk, Malichimp mailing lists, and more”, a total of “283 folders, 16,549 files (144 GiB).”
Acknowledging the cyber criminal’s claim, a Royal Mail spokesperson said that its service provider, Spectos, indeed suffered a network intrusion but core postal services systems were not affected by the attack.
“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail. We are working with the company to investigate the issue and establish what impact, if any, there may be regarding their data,” the spokesperson told Cybernews.
In January 2023, Royal Mail suffered another massive cyber attack that disrupted its international shipping services. The infamous LockBit ransomware group later published the contents of a long-drawn-out negotiation with Royal Mail wherein the group demanded a whopping $80 million as ransom.
In response, Royal Mail’s negotiator clarified to LockBit that they mistook Royal Mail International with Royal Mail and that the organisation won’t pay the demanded ransom.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Securing the AI-Driven WorldSponsored by Checkpoint
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543