HNK Solicitors

Royal Mail data breach: technical glitch exposes customers’ information

The Royal Mail had to take down its Click & Drop service on the 1st of November after a data breach resulted in customers being able to see other users’ information.

At 1 pm, customers began to report seeing details of other people’s orders, customers’ details, and businesses’ order histories. The Royal Mail attributed the leak to a technical glitch.

The Royal Mail took the service down an hour later and released the statement:

“We have been made aware there was an issue affecting Click & Drop that meant some customers could see other customer’s orders. As a protective measure, we have stopped access to Click & Drop temporarily.”

They restored the service by 6 pm that evening. Click & Drop is designed to let users print labels, track their packages and pay for postage online.

The next day, users took to Twitter to complain that the site still wasn’t working, and some people were charged twice for a label they never received.

Did the glitch breach data protection legislation?

The UK General Data Protection Regulation (UK GDPR) has seven principles that all organisations that store data must adhere to. It was enshrined into law to keep your data safe and secure.

  1. Lawfulness, fairness and transparency
  2. Accuracy
  3. Confidentiality
  4. Accountability
  5. Limited storage
  6. Minimisation
  7. Limited use

If an organisation violates any of those principles and data is lost, exposed, or taken, the victim is eligible for compensation. The company will also need to inform the Information Commissioner’s Office (ICO), which will perform its own investigation.

However, the ICO did release a statement the day after the breach saying that the Royal Mail had not informed them of a breach. They further clarified there is no need for an organisation to report a data breach to them unless it poses “a risk to people’s rights and freedoms.”

If personal information was leaked in the breach, such as names, addresses, or bank details, then the Royal Mail would be in breach of the UK GDPR. Failure to report the breach to the ICO would therefore be unlawful.

Our team of data breach specialists can help you with your claim

If you’re concerned that your data may have been exposed in the Royal Mail breach, get in touch with us, and we can investigate on your behalf. Our solicitors are experts in data protection legislation and can help you get the compensation you deserve.

We understand that when you hand your personal information over to an organisation, you expect it to be kept safe and secure. If a company fails to adhere to GDPR, there can be serious financial and psychological consequences, which could entitle you to compensation.

We offer a no-win, no-fee service, so you won’t have to pay a penny until you receive your award.

To get started on your claim, get in touch with us today, either via our online claim form, calling us on 0151 668 0814 or sending us an email at
