UK postal service Royal Mail suffers data breach
On April 2, 2025, the actor known as GHNA posted 144 GB of data stolen from Royal Mail Group on the cybercriminal forum BreachForums. Attached to the post were 293 folders and 16,549 files, available for free download. The posted data included personal customer information, confidential documents, video recordings of internal Zoom meetings, delivery locations, databases and mailing lists, among other sensitive information.
The source of the leak was the external service provider Spectos GmbH, a company dedicated to the monitoring and logistics of the postal service. As had happened with the Samsung leak on March 30, GHNA accessed the Spectos infrastructure using credentials stolen from an employee in 2021, after the employee was infected with the Raccoon infostealer. The login information and credentials for this account were not updated, which allowed the cybercriminal to extract the information.
According to research by Hudson Rock, a cybersecurity platform dedicated to analyzing infostealers, the Royal Mail Group breach highlights the cascading risks of supply chain attacks. The consequences of this incident could include identity theft, phishing campaigns and reputational damage. For example, mailing list leaks raise that risk, as attackers can leverage artificial intelligence to conduct targeted social engineering attacks.
- 02/04/2025, infostealers.com
- 03/04/2025, bitdefender.com