Royal Mail CEO confirms cyberattack downed UK postal service

Royal Mail vans outside a depot in Stoke-on-Trent in the U.K. following a cyberattack on its systems.

Image Credits: Nathan Stirk/Getty Images

Royal Mail CEO Simon Thompson has confirmed that a cyberattack is to blame for the ongoing disruption at the U.K. postal giant.

The admission comes almost a week after Royal Mail first said it was hit by an unspecified “cyber incident” that left the British mail service unable to dispatch items to overseas destinations.

“We’ve confirmed that we’ve had a cyberattack,” Thompson told a U.K. parliamentary committee on Tuesday in response to questions from lawmakers. Thompson added that while the mail service believes that no customer data was compromised in the attack, the organization is prepared for that situation to change and has already notified the U.K. data protection regulator, the Information Commissioner’s Office, as a precaution.

Thompson — who gave evidence to lawmakers during a session about Royal Mail’s ongoing dispute with its union workers — declined to comment on specifics of the cyberattack, claiming that discussing details of the incident would be “detrimental” to the ongoing investigation. Thompson said that the postal service continues to experience disruption to its international export services following the cyberattack.

Royal Mail has yet to confirm when this disruption is likely to end — compounded by existing backlogs and delays that have arisen from strike action — but Thompson said a “workaround” should be available soon.

“For export parcels and letters through our postal services… we are no longer able to provide that service,” he said. “The team have been working on workarounds so that we can get the service up and running again.” Thompson added that the Royal Mail will have “more news to share” soon.

There remains plenty of unanswered questions about the Royal Mail’s cyberattack, such as the nature of the incident and who is responsible.

Some media reports have claimed that Royal Mail was the target of ransomware that compromised machines used to print customs labels for parcels sent to overseas destinations. A public-facing representative for LockBit, a ransomware group accused of launching the attack on the postal service, initially denied involvement, and pointed blame to other hackers using the gang’s leaked ransomware builder software. Brett Callow, a ransomware expert and threat analyst at Emsisoft, shared a post from the LockBit representative seemingly admitting that LockBit affiliates were responsible for the attack.

TechCrunch has yet to verify LockBit’s involvement, and Royal Mail has not been listed on the gang’s dark web leak site. When reached by email, Royal Mail spokesperson Mark Street declined to comment.