Source: go.theregister.com – Author: Iain Thomson
Updated: Britain’s Royal Mail is investigating after a crew calling itself GHNA claimed it was selling 144GB of the delivery giant’s customer data, perhaps after acquiring it with the same stolen credentials it used to siphon info on Samsung Germany’s punters.
“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail,” the UK operation told The Register. Spectos GmbH is a German supplier of logistics management software tools and services.
“We are working with the company to investigate the issue and establish what impact there may be regarding their data. We can confirm there has been no impact on Royal Mail operations and services continue to function as normal,” the postal org told us.
GHNA on Monday used the notorious BreachForums site to claim it had pilfered 293 folders and 16,549 files relating to Royal Mail Group. The data is said to include names, phone numbers, and physical addresses of senders and recipients, plus details about packages. The stolen haul also apparently includes a Mailchimp mailing list, an SQL database that appears to store the WordPress implementation tied to the website mailagents.uk, and recordings of Zoom chats between Royal Mail and Spectos.
Infosec outfit Hudson Rock’s CTO and co-founder Alon Gal thinks the allegedly stolen data came from a Raccoon infostealer infection – Windows malware that exfiltrates info from compromised systems – that hit Spectos in 2021 and yielded at least one set of employee account credentials.
GHNA’s post about its alleged Royal Mail haul states it is “courtesy of Spectos, again.”
Hudson Rock’s Gal thinks it’s likely the same login credentials were used to obtain info pertaining to Samsung Germany. That is to say, whichever miscreant logged into Spectos using the compromised credentials to extract Royal Mail data also took Samsung-related files, or so it’s claimed.
The Samsung incident saw GHNA again claim it had stolen information, in this case 270,000 customer service tickets. The data allegedly spans multiple years, with a large number of entries dated 2025.
The swiped records apparently include people’s full names, physical and email addresses, the model numbers of their hardware, payment details, and communications between Samsung and its German punters.
Hudson Rock warned that analysis of the stolen datasets could allow cybercrims to find and defraud or rob victims.
The Samsung data, for example, apparently includes purchase records that mention home addresses – a combo that could allow criminals to pinpoint owners of pricey electronics. The same is true for Royal Mail customers, thanks to the leak apparently containing order histories that could allow crooks to analyze where big spenders reside. The allegedly stolen data could therefore fuel a real-world break-in.
Spectos and Samsung had no comment at the time of writing. ®
Updated to add on April 4
Judging from what Royal Mail has told us, data seemingly stolen from its software supplier Spectos may well involve the British package giant’s customers, and if any info was pilfered, it would be information people had shared with the outsourced supplier rather than Royal Mail.
“A Spectos investigation is ongoing as well as a review of the data published online,” a spokesperson for the postal org said. “Royal Mail does not send any personal customer or financial data to Spectos.”
Original Post URL: https://go.theregister.com/feed/www.theregister.com/2025/04/03/royal_mail_data_spectos/