Royal Mail’s data breach exposes customer information to other users

Updated on: 02 November 2022

Anna Zhadan
Contributor

Royal Mail, a British postal service company, has temporarily suspended access to its Click and Drop website amid a data breach, which made customer information available to other users.

The updated status on the Click and Drop website describes the incident as an “IT issue” or “a technical problem.” The temporary suspension of the website is a “precautionary measure” taken while the company investigates the problem.

The issue was first disclosed on Tuesday when customers started having access issues and struggling to view their orders. Later, Royal Mail released an update saying that some users were able to see other peoples’ orders.

According to some Twitter posts, customers could access a variety of details, including made orders, business’ order history, and their customers' data.

twitter

During the suspension of the website, customers were advised to use paperwork to hand over their items instead.

Currently, the service has been restored. Royal Mail’s Click and Drop website, which allows customers to pay for and track posts online, was down from 2pm to 6pm on Tuesday.

“We are aware some customers are unable to log in to Click & Drop following the incident yesterday. You can resolve this by clearing your browser cache and cookies. You may need to look up how to do this for your specific web browser. We're sorry for the inconvenience,” the Click and Drop website advises.

It still remains unclear how many customers were affected by the breach and whether the company is planning to notify the Information Commissioner's Office (ICO). An organization has 72 hours to disclose a data breach to the watchdog if it poses a risk to people's rights and freedoms.