DATA BREACH: Royal Mail Investigates Data Breach After Leak Tied to Third-Party Vendor
April 11, 2025
Gibraltar: Thursday 10th April 2025 at 10:05 CET
DATA BREACH: Royal Mail Investigates Potential Data Breach After 144GB Leak Tied to Third-Party Vendor
By: Iain Fraser – Cybersecurity Journalist
SMECYBERInsights – First for SME Cybersecurity
GIBRALTAR, April 10, 2025 – Royal Mail is investigating a potential Cybersecurity breach after a 144GB trove of allegedly stolen data was leaked online by a known Cybercriminal. The source of the breach is linked to a third-party vendor, Spectos GmbH, a data analytics firm that partners with Royal Mail.
Key Facts:
* 144GB of data leaked on a dark web forum, allegedly stolen from systems linked to Royal Mail.
* Data includes personally identifiable information (PII), Mailchimp mailing lists, internal Zoom recordings, and a WordPress SQL database.
* The threat actor, known as “GHNA”, posted over 16,500 files on BreachForums, a notorious Cybercrime marketplace.
* The breach is believed to stem from compromised employee credentials at Spectos, dating back to a 2021 malware incident.
* The data had remained dormant until now, raising concerns about long-term credential misuse and supply chain vulnerabilities.
What Happened?
Spectos GmbH confirmed that it suffered a Cyberattack which led to unauthorised access to systems that store and process customer and operational data. The breach has exposed Royal Mail’s reliance on external service providers, a growing area of concern in supply chain Cybersecurity.
According to Spectos, forensic investigations are ongoing. The compromised data may include:
* Customer names, addresses, and delivery schedules
* Internal Royal Mail documents
* Delivery and location databases
* Mailchimp lists
* Zoom recordings between Royal Mail and Spectos
* A SQL database from a WordPress site used by mail agents
“The Royal Mail breach highlights the hidden dangers of supply chain exposure and long-dormant credential leaks,” said Cybersecurity Journalist Iain Fraser. “The fact that the data went unused for years before this breach should be a wake-up call for continuous threat monitoring.”
Who Is Behind the Breach?
The threat actor “GHNA” published the stolen data on BreachForums and claimed responsibility for the attack. Cybersecurity researchers note that the attacker may have used credentials compromised several years ago, pointing to a dormant malware case from 2021. The delay between initial compromise and active exploitation signals a growing trend of long-tail Cyber threats.
Royal Mail’s Response
Royal Mail has acknowledged the incident and confirmed collaboration with Spectos and Cybersecurity experts to determine the scope of the breach. The organization stressed that its core infrastructure remains secure, but an official statement on customer impact has not yet been released.
Expert Insight
Cybersecurity analysts are warning SMEs and enterprise organisations alike to closely evaluate third-party risks, especially around vendors handling sensitive customer data. This breach illustrates how legacy compromises, if undetected, can resurface years later and be weaponized for Cyber extortion or data dumping.
Actionable Takeaways for SMEs:
* Review third-party access to customer or operational data.
* Rotate credentials regularly, especially after malware incidents.
* Deploy continuous threat detection tools and log activity from partners.
* Implement zero-trust policies with least-privilege access control.