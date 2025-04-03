Royal Mail investigating possible data breach after supplier targeted

144GB data tranche reportedly up for sale

Close up of a Royal Mail van
  • A German logistics management firm has experienced a data breach
  • Royal Mail may files may have been exposed as a result
  • GHNA hacking group previously targeted Samsung Electronics

A hacking group going by the name GHNA has put information for sale on the notorious BreachForums site, claiming belongs to the Royal Mail Group.

The British postal firm was reportedly breached through a German logistics management supplier - if the information for sale is legitimate.

This data includes 293 folders and 16,549 files, and is said to include personally identifiable information (PII) like names, physical addresses, phone numbers, and package details, leaving anyone affected at risk of identity theft and fraud.

Familiar exploits

“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail," a Royal Mail spokesperson told us.

"We are working with the company to investigate the issue and establish what impact there may be regarding their data. We can confirm there has been no impact on Royal Mail operations and services continue to function as normal.”

GHNA previously leaked over 270,000 customer service tickets tied to Samsung Electronics Germany, in a breach that exposed transactional and sensitive personal data.

A spokesperson for Spectos GmbH confirmed to TechRadar Pro it has been the target of an ongoing cyberattack since March 29, 2025, when “unauthorized access to systems and personal customer data has occurred”, and that the attack is ongoing, but systems are being continuously monitored and secured.

“The origin of the attack is currently being analyzed together with external cyber security experts.Contrary to media reports to the contrary, there are no indications of an internal attack or the use of leaked access data.”

Analysis from HudsonRock suggests that AI is playing an increasingly important role in breaches such as this one, with tools like ChatGPT able to “rapidly parse through” files and extract valuable data such as PII.

