Royal Mail international shipping update: is tracking working - cyber attack latest explained

Royal Mail has fully resumed sending international post after the cyber attack in January by a suspected Russian-linked ransomware gang

Royal Mail has finally resumed its full international service, almost six weeks after the cyber attack by a Russian-linked ransomware gang.

Last month, company was hit by cyber attack, which caused “severe disruption” to its international export services. It was unable to dispatch items, including letters and parcels, overseas, however domestic mail was not affected.

The hack is believed to have left more than half a million letters and parcels stuck in limbo. Royal Mail alerted the National Cyber Security Centre and the National Crime Agency who are investigating. The postal service has faced several crises recently, with a series of strikes in 2022 and CEO Simon Thompson coming under fire from MPs about his management of Royal Mail.

Can I send post through the Royal Mail?

In an update on 21 February, Royal Mail said all export services had been restores, however the delivery of international items may take slightly longer.

Royal Mail restarted exporting parcels overseas, which had already been processed, as well as standard export letters from 19 January. And due to “progress and the growing capability of our alternative export solutions”, more services were resumed from Thursday 26 January.

In the latest service update on its website, it said: “Royal Mail International Export services have now been reinstated to all destinations for purchase online, through shipping solutions and over the counter at Post Office branches.

The Royal Mail has been hacked. Credit: JUSTIN TALLIS/AFP via Getty Images
The Royal Mail has been hacked. Credit: JUSTIN TALLIS/AFP via Getty Images
The Royal Mail has been hacked. Credit: JUSTIN TALLIS/AFP via Getty Images

“Delivery of international items may take slightly longer than usual. Customers using International Tracked / International Tracked and Signed services may notice different tracking information as items leave the UK.

We are seeing some delays to some tracking events in a small number of destinations. As we continue to work with our partners to resolve this, if you cannot see tracking information for your items then it is likely to be available on the overseas’ posts own tracking websites.

“Customers sending items requiring a customs declaration (such as goods or gifts) internationally are asked to purchase postage online, through shipping solutions or over the counter at Post Office branches rather than use Postage Stamps or Meters.

“Import operations continue to perform a full service with some minor delays. Domestic services remain unaffected. We would like to apologise to impacted customers for the disruption this incident is causing.”

Who is behind the cyber attack?

The attack is suspected to have come from a Russian-linked ransomware gang called Lockbit, the Telegraph first reported. A Royal Mail distribution centre in Northern Ireland revealed its printers began “spurting” out copies of a ransom note saying “your data are stolen and encrypted.”

Lockbit is believed to have close links to Russia and was behind a major hack of car dealership Pendragon last year - which refused to pay a ransom payment of 60 million dollars. Royal Mail would not comment on the hacking reports, but said it had launched an investigation into the incident and had reported it to its regulators and security authorities.

What has the Royal Mail said about it?

Neill O’Sullivan, Post Office managing director parcels and mails, said: “Postmasters have been the innocent victims of this faceless crime, unable to support businesses and consumers wishing to use their expertise to get parcels sent abroad.

“For many small businesses, Post Offices are an integral part of their business set-up and this has been a challenging time for them too. We have worked day and night in partnership with Royal Mail to reinstate all international services via our branch network.”

The Post Office said it was providing additional money to Postmasters for handling international items at branches in the form of a new fixed payment for each transaction.

In addition, for all Royal Mail international labels sold in branch during February and March, Post Office will pay additional commission on the value of each item.

O’Sullivan added: “These past weeks have been difficult for postmasters who through no fault of their own have missed out on remuneration for providing international mail services. Postmasters are operating in a tough economic climate and this package of remuneration improvements should help rebuild their earnings from international parcels.”

Following the attack, the Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue. Some customers may experience delay or disruption to items already shipped for export.

“Our import operations continue to perform a full service with some minor delays. Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information.

“We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.

“We would like to sincerely apologise to impacted customers for any disruption this incident may be causing.”

A National Cyber Security Centre spokesman said: “We are aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact.” The National Crime Agency has been approached for comment.

The National Crime Agency confirmed it is also looking into the incident. An Information Commissioner’s Office spokesperson added: “Royal Mail has made us aware of an incident and we will be making inquiries.”

Royal Mail cyber attack could have ‘long term effects’

Paul Holland, a cybersecurity expert and CEO at Beyond Encryption, explained: “At this early stage it’s very difficult to determine the nature of this attack, however one can assume that due to the immediate impact it has had on operations that this was an attack on their core systems. Royal Mail have contacted the relevant authorities and will naturally want to be sure they have effectively closed the door on any threats before they disclose any further details.

“Similarly how quickly this attack will be resolved is at this stage hard to predict. However, we can expect this to have significant long term effects on Royal Mail’s operations.

“The whole country experienced the impact strike action had on post and due to the huge throughput Royal Mail deal with any pause to operations can have a long-lasting impact on the service. Unfortunately for the Royal Mail, as the cost of post continues to increase, as well as a growing familiarity with digital communications turbo-charged by the pandemic, it’s hard to not see this attack negatively impact consumers' propensity to use the service.

“Likewise businesses that are looking to digitise operations are likely to see deliberations and actions accelerate as result of this attack."