HQ/EMEAFind out how we can help your business
Royal Mail data breach concerns have emerged after a threat actor leaked 144GB of allegedly stolen data online.
The breach is linked to Spectos GmbH, a third-party data collection and analytics provider used by the British postal service. Despite the incident, Royal Mail has confirmed that its operations and services remain unaffected.
A spokesperson for Royal Mail stated that the company is working with Spectos to investigate the data breach issue and determine the extent of the data exposure.
Spectos has also acknowledged that its systems were breached on March 29, 2025, with attackers gaining unauthorised access to customer data. The cybercriminal responsible, using the alias “GHNA” on BreachForums, has leaked 16,549 files, which allegedly contain Royal Mail customers’ personally identifiable information, including names, addresses, and planned delivery dates. Additionally, the leaked documents reportedly include Mailchimp mailing lists, datasets on delivery and post office locations, the WordPress SQL database for mail agents.uk, and internal Zoom meeting recordings between Spectos and Royal Mail Group.
Cybersecurity experts have suggested that the breach was made possible through stolen login credentials belonging to a Spectos employee. According to reports, the employee’s credentials had been compromised in a 2021 info stealer malware attack, but the stolen data remained unused until recently. The attackers then exploited these credentials to access Spectos’ systems, leading to the exposure of Royal Mail data.
This incident is not the first cybersecurity issue faced by the postal service. In January 2023, a ransomware attack by the LockBit group forced Royal Mail to halt international shipping for three weeks due to severe service disruptions. In November 2022, the company also experienced an outage that affected its tracking services for over 24 hours.
Although Royal Mail has stated that its operations are unaffected, concerns remain about the potential impact of the leaked data.
Cybersecurity experts warn that exposed personal information could be exploited for phishing scams, identity fraud, or further attacks. As investigations continue, affected customers may need to remain vigilant against potential threats linked to the Royal Mail data breach.
