The Royal Mail Group, one of the UK’s oldest institutions, is in the hot seat, following an alleged data breach that exposed 144GB of internal and customer information.
The leak was announced on 31 March 2025, by a hacker known as “GHNA” on the cybercrime platform Breach Forum.
According to Hackread.com, the leaked archive contains 293 folders and more than 16,000 files, including sensitive customer PII (names, addresses, and shipping details), internal communications like Zoom recordings, backend SQL databases, and Mailchimp marketing data.
One video even shows a meeting between Royal Mail and Spectos, that operates globally in the fields of data collection, data analysis, technology, digitization and operations, measuring postal service quality according to international standards.
A Spotlight on Supply Chain Weaknesses
The hacker credited Spectos in the breach post, saying: “Today, I have uploaded 144GB of data from Royal Mail Group for you to download (courtesy of Spectos, again). Thanks for reading, and enjoy!”
This suggests the firm may have been the stepping stone into the Royal Mail’s systems. This isn’t the first time Spectos has been linked to leaks, highlighting third-party access and supply chain risks which have been in the spotlight for the last few years.
Royal Mail responded to the disclosure by confirming it is investigating the issue alongside Spectos. “We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail,” the company said. Spectos has yet to issue a public statement.
The hacker, GHNA, is notorious for leaking data from major enterprises, including Samsung Germany and Liberty Latin America. Several of their past leaks have been verified and sold on dark web forums, meaning their broader aim is monetizing unauthorized access to corporate systems.
This latest incident comes not long after Royal Mail’s high-profile ransomware attack in 2023, which disrupted international shipping for weeks, and although this breach doesn’t seem to be ra ransomware attack, it adds to mounting concerns about whether Royal Mail’s data protection practices, or those of its vendor ecosystem, are good enough,.
Investigations are ongoing, and the full extent of the breach’s impact on customers and operations remains to be seen.
You’re Only as Strong as Your Weakest Link
“The Royal Mail Group breach is a stark reminder that in cybersecurity, you’re only as strong as your weakest link – often a third-party vendor,” says Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “This incident, with its massive 144GB data leak, showcases the evolving sophistication of cyber threats and the alarming rise of access-as-a-service models.”
He says while it’s easy to point the finger at third parties, the responsibility still lies with the owning business. “And such a huge leak from customer PII to internal communications can all be used to facilitate future attacks.”
Malik says cybersecurity can’t just be an IT concern; it must be a board-level priority, fostering a culture of vigilance across the entire organization and its partnerships.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.