Blog
Royal Mail “cyber incident” is an ongoing cyberattack CEO admits to MPs
Simon Thompson, CEO of the U.K.’s Royal Mail, has confirmed in a session with MPs that the crippling of its ability to send parcels and letters abroad was down to a “cyberattack” and that it was “ongoing”.
Thompson said that investigations into the attack on the U.K. postal operator – one of the most high-profile attacks on the country’s critical infrastructure to date – were continuing, but so far there was no evidence that personal data of customers had been compromised. The U.K. National Crime Agency (NCA) and National Cyber Security Centre (NCSC) have been investigating the attack, and the Information Commissioner’s Office (ICO) have all been informed.
The attack first emerged on January 11, when printers began spitting out ransom notes, instead of customs declaration forms. It has left the organization, whose parent is International Distribution Services plc, unable to “export” the majority of letters and parcels, though it is still able to receive mail and packages from abroad, and domestic services are unaffected.
Reports suggested LockBit ransomware was the culprit. The Royal Mail has not confirmed the nature of the attack and has publicly referred to a “cyber incident” . But Thompson confirmed it was a “cyberattack” when he appeared before the UK’s House of Commons Business Select Committee.
Asked by committee member Ruth Edwards MP to explain the situation, Thompson apologized to customers and thanked the security agencies for their help with what he initially referred to as an “incident” rather than an attack. But, he said, “I have been told that to discuss any fine details or any additional details on this particular topic at this point in time would actually be detrimental.”
Further pressed by Edwards, he confirmed “the incident is still ongoing” as are investigations into its impact. He hoped a “workaround” would be available in the very near future. Edwards said that given the involvement of national security agencies, it seemed safe to say the incident was a cyberattack, to which Thompson replied, “Yes, that’s right. We’ve confirmed that we’ve had a cyberattack, yes.”
Thompson said that based on investigations so far, “We believe that there’s been no compromising of any form of customer personal information.” If that changed, he said customers and authorities would be informed immediately. Thompson earlier said that digitization and automation was an essential part revitalizing Royal Mail. He told the committee that the firm had invested £900m in infrastructure over the last three years.
Last week Royal Mail announced it was “trialing operational workarounds and have started moving limited volumes of export parcels.” It also “resumed the export of letters which do not require a customs declaration to all international destinations”. However, letters that do require a customs declaration are still at a standstill. And it is working through its existing stack of parcels – for now, it is still not accepting new international parcels.
The organization said its continued to work with “external experts, the security authorities and regulators to mitigate the impact of this cyber incident, with a focus on restoring all services for export letters and parcels.”