The UK’s postal service has warned customers of “severe service disruption” for items sent abroad, after it suffered an unspecified “cyber-incident.”
“We are temporarily unable to dispatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue,” it said in a statement yesterday.
“Items that have already been dispatched may be subject to delays. We would like to sincerely apologize to impacted customers for any disruption this incident is causing.”
The postal service added that import operations are suffering only slight delays and that its Parcelforce Worldwide brand is still operating to international destinations, albeit with delays of one to two days.
“Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information,” it concluded.
“We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.”
The UK’s National Cyber Security Centre (NCSC) acknowledged this in a brief statement of its own.
“We are aware of an incident affecting Royal Mail Group and are working with the company, alongside the National Crime Agency, to fully understand the impact,” it confirmed.
The incident comes at a bad time for Royal Mail, after workers held up deliveries over the busy Christmas period during strikes over jobs, pay and conditions.
Service disruption of this sort is often tied to ransomware attacks, which force victim organizations to rapidly disconnect IT systems before sensitive files can be stolen and/or scrambled by attackers.
However, there’s currently no indication of what caused the incident.
Oz Alashe, CEO of CybSafe, argued that best practices to mitigate the risk of service disruption focus on people, process and technology.
“General cyber-hygiene, from vulnerability assessments and network segmentation to backing up data and carrying out regular patching, is instrumental in preventing such incidents,” he added.
“However, while technical solutions are important, equal emphasis should be placed on how we view cybersecurity from a human, behavioral perspective. Most people encounter cybersecurity through monthly or annual awareness programs that are immediately forgotten in the chaos of our busy lives. Yet these frequent stories of significant breaches are evidence enough that this approach should change.”