In a significant cybersecurity incident, the United Kingdom’s Royal Mail Group has reportedly experienced a massive data breach, resulting in the leak of 144GB of sensitive internal files, customer information, and marketing data. The information was first disclosed by a user named GHNA on the cybercrime forum BreachForums on March 31, 2025.
The breach has alarmed security experts, as GHNA’s post included access to a disturbing array of sensitive data. The extensive archive comprises 293 folders and nearly 16,549 files, revealing customer Personally Identifiable Information (PII) such as names, addresses, and shipping details. Internal communications, operational data, and marketing infrastructure data have also been compromised. The leak suggests that the attacker might have gained access through a vulnerability within Royal Mail or through its performance management supplier, Spectos.
Scrutiny is now being directed towards Spectos, a Germany-based data analytics company, which has been implicated in previous data leaks. The post from GHNA explicitly called out Spectos, raising questions about the security practices of third-party vendors with direct access to sensitive data. While the Royal Mail Group is aware of the breach and is working with Spectos to investigate, no public statement has yet been released by the supplier.
This incident marks a troubling continuation of security challenges for Royal Mail, following a previous ransomware attack by the LockBit gang in early 2023 that severely disrupted operations. With the increasing frequency and sophistication of cyber threats, the latest breach undoubtedly raises concerns over data privacy protections and the robustness of vendor management strategies. Customers may now face heightened risks of scams or identity theft, and the organization’s data handling practices may come under increased scrutiny from regulatory bodies.