UK’s Royal Mail suffers exports disruption from ‘cyber incident’

12 Jan 2023

Image: © Cerib/

The postal service advised customers not to send export mail until the issue is resolved, while UK authorities are investigating the incident.

Royal Mail has announced it is temporarily unable to send items overseas after being disrupted by a “cyber incident”.

The UK postal service advised customers yesterday (11 January) to hold off on sending any export mail while the issue is resolved.

The company said its international export service is facing “severe service disruption” that could delay any currently dispatched exports.

Royal Mail said its import service continues to operate “with some minor delays”. The company’s Parcelforce Worldwide export service is still operating but customers were warned that delays of one to two days should be expected.

The postal service did not specify what the cyber incident was, but said it has informed relevant authorities and has launched an investigation with the help of external experts.

“We would like to sincerely apologise to impacted customers for any disruption this incident is causing,” Royal Mail said in a statement. “Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information.”

A spokesperson for the National Cyber Security Centre said the organisation is working with Royal Mail and the National Crime Agency to “fully understand the impact” of the incident.

The incident marks another high-profile cyberattack on UK soil recently, as two cabinet ministers had their Twitter accounts hacked last week. This followed a serious IT incident that hit The Guardian last month, which the paper confirmed was a ransomware attack.

Raj Samani, SVP chief scientist at cybersecurity company Rapid7, said cyberattacks like this can have a considerable impact, particularly as Royal Mail was already facing “significant disruption”.

He added that targeting the availability of systems is a tactic that has “long been the MO of many criminal groups”.

“As the investigation continues, we would encourage the sharing of indicators of the attack such that it can benefit the defences of other organisations to mitigate future incidents targeting other companies,” Samani said.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic