Royal Mail investigates data leak claims, no impact on operations
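Royal Mail is investigating an alleged data leak in which the systems of third-party service provider Spectos GmbH were breached, resulting in customer data being leaked. The attackers claim to have stolen the personal information of Royal Mail customers as well as internal documents, and published them on a forum. Royal Mail says it has not yet confirmed that its own systems were breached and stresses that operations are unaffected. The incident may be linked to a 2021 malware incident in which a Spectos employee's credentials were stolen. Royal Mail has previously suffered cyberattacks and system outages as well.

2025-4-2 16:45:19 Author: www.bleepingcomputer.com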


Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems.

While the British postal service has yet to confirm that its systems were breached, a spokesperson told BleepingComputer that Royal Mail is aware of an incident at Spectos GmbH, a third-party data collection and analytics service provider.

"We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail. We are working with the company to investigate the issue and establish what impact there may be regarding their data," BleepingComputer was told. "We can confirm there has been no impact on Royal Mail operations and services continue to function as normal."

Spectos also confirmed in a statement shared with BleepingComputer that its systems were breached on March 29, and the attackers gained access to customer data.

"Spectos GmbH has been the target of an ongoing cyber attack since March 29, 2025. According to the current status, unauthorized access to systems and personal customer data has occurred. The exact scope of the incident is currently the subject of intensive forensic investigations," a spokesperson told BleepingComputer.

The threat actor behind this leak (who uses the "GHNA" handle on BreachForums) released 16,549 files allegedly containing Royal Mail customers' personally identifiable information (including names, addresses, planned delivery dates, and more) and other confidential documents.

GHNA says the leaked documents also include Mailchimp mailing lists, datasets containing delivery/post office locations, the WordPress SQL database for mailagents.uk, internal Zoom meeting video recordings between Spectos and the Royal Mail Group, and more.

Royal Mail leak on BreachForums (BleepingComputer)

Breached using stolen credentials

While Royal Mail and Spectos have yet to share more information on the breach, cybersecurity company Hudson Rock says the attackers gained access to Royal Mail systems using the credentials of a Spectos employee compromised in a 2021 info stealer malware incident.

"In this case, the infected Spectos employee's credentials provided a gateway to Royal Mail Group's systems," Hudson Rock CTO Alon Gal said. "The stolen data sat dormant until recently, when it was weaponized in these high-profile leaks."

Stolen Spectos credentials (Hudson Rock)

This isn't the first time Royal Mail has dealt with a security breach since it was founded over 500 years ago. The British postal service was also breached two years ago in a cyberattack claimed by the notorious LockBit ransomware operation.

The January 2023 breach forced the company to halt international shipping services due to what it described as a "cyber incident" causing "severe service disruption." Royal Mail restored these services three weeks after the ransomware attack impacted its operations.

Another outage hit Royal Mail in November 2022, which took down tracking services for more than 24 hours.


Article source: https://www.bleepingcomputer.com/news/security/royal-mail-investigates-data-leak-claims-no-impact-on-operations/