The Royal Mail has fallen victim to a ransomware attack that continues to disrupt its international shipping services over two weeks since the hack occurred.
The ransomware gang Lockbit are believed to be responsible for the attack. Based in Russia, they’re the most prolific ransomware group in the world, taking credit for a quarter of all ransomware attacks in 2022 in locations across the world. The Royal Mail is considered to be their biggest target so far, with hospitals, small businesses, and local authorities all featuring on their list of victims.
Despite the problem emerging over two weeks ago on the 10th of January, the Royal Mail has not yet resumed business as usual with their international shipping services. Users of the service have been asked not to attempt to ship internationally until the situation is rectified. Businesses who are reliant on shipping their goods via the Royal Mail are left exasperated and frustrated, as they’re left no choice but to either foot the bill of a courier company themselves or leave their customers in the dark about when they might receive their packages.
The exact nature of the attack is unclear, but The Telegraph reported that shipping label printers in a distribution centre near Belfast began printing “Lockbit Black Ransomware. Your data has been stolen and encrypted.”
Ransomware hackers infiltrate company systems, steal data, encrypt it, and demand a financial reward for its return. Globally, ransomware cost over $20 billion in 2021. That figure is expected to rise as attacks become more frequent, with some experts estimating cybercrime will cost $10.5 trillion by 2025.
The Royal Mail does not believe that any customer data was compromised in the attack. However, as a precaution, they informed the Information Commissioner’s Office.
Does the attack breach data protection laws?
As customer data hasn’t been affected in the attack and ICO was informed without delay, no data protection laws have been breached.
The General Data Protection Regulation (GDPR) safeguards your right to privacy. Any company that collects data is bound to the legislation and they must protect your private information.
Under GDPR, personal data is deemed as private data that” an individual can be identified directly or indirectly by. This includes:
- Full names
- Email addresses
- Date of births
- Bank details
Only two months ago, The Royal Mail suffered another data breach that resulted in customers personally identifying data being publicly available on their website. People who had their data exposed could make a compensation claim for any distress, financial losses, or disruption caused by the breach.
How can I make a data protection claim?
If you believe you have been the victim of a data breach, you may be entitled to compensation. To make a claim, you either need to go directly to the company responsible or raise a civil case. However, organisations frequently attempt to undercompensate data breach victims, which is why we highly recommend you consult a solicitor.
HNK Solicitors can help you make a successful claim
In the unfortunate event that your data is stolen in a cyber attack, we can help you get the compensation you rightfully deserve. Dealing with the ramifications of an organisation losing your private information can be incredibly stressful, and we’re here to help you through the process and alleviate some of your concerns.
We operate on a no-win, no-fee basis, so until you receive your compensation, there isn’t a penny to pay.