Royal Mail data breach as customers’ information leaked to other users

Business

Royal Mail has experienced a data breach where customers have seen the information of others users.

A statement on Royal Mail’s Click and Drop status updates website said: “We have been made aware there was an issue affecting Click & Drop that meant some customers could see other customer’s orders.

“As a protective measure, we have stopped access to Click & Drop temporarily.”

The website is temporarily suspended as “a precautionary measure”, a Royal Mail spokesperson said, following reports that some customers were able to see information about other customers’ orders following “a technical problem”.

“We are investigating the incident in order to fix the IT systems issue. We apologise for any inconvenience.”

The issue was first acknowledged by the company on Tuesday afternoon when it said it was investigating issues with accessing Click and Drop and orders not appearing for users.

Later that afternoon, the issue was being treated as “the highest priority”, the Click and Drop status updates website said.

More on Royal Mail

Complaints on Twitter in response to the status updates had been mounting through the afternoon.

Some users reported seeing details of people’s orders, business’s order history and their customers details.

But no complaint has, as yet, been lodged with independent watchdog, the Information Commissioner’s Office (ICO).

Royal Mail has 72 hours after becoming aware of a personal data breach in which to notify the ICO unless the breach does not “pose a risk to people’s rights and freedoms” an ICO spokesperson said.

“If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary.

“If anyone has concerns about how their data has been handled, they can report these concerns to us.”

The Click and Drop website has been has been down since shortly before 2pm on Tuesday.

“We fully understand and apologise for the inconvenience caused by this,” Click and Drop status updates website said

“Our engineers are working as hard as possible to get the site back up and running as expected.”

On Monday last week, the company was spared two weeks of strike action by the Communications Workers Union (CWU) after the union withdrew planned walkouts on 2, 3, 4, 8, 9 and 10 November.

Royal Mail’s parent company, International Distributions Services plc, just last month announced it would begin a process to make 5,000 to 6,000 roles redundant by August next year.

The announcement was blamed on industrial action taken by Royal Mail workers, delays in improving productivity and falling parcel volumes.

A process of “consulting on rightsizing” is to begin to reduce jobs by an estimated 5,000 full time roles by March 2023 and 10,000 by end of August 2023 to achieve short-term cost efficiencies, the parent company said.