Royal Mail has asked customers to stop sending parcels and letters to overseas destinations after a cyber incident caused “severe service disruption” to international exports.
The company said on Wednesday it was temporarily unable to dispatch export items, warning that letters and parcels in transit to international destinations may be delayed.
Royal Mail’s Parcelforce Worldwide brand was still operating to all international destinations, but customers should expect delays of one to two days, the company said. Domestic post has not been affected.
It did not reveal the nature of the cyber incident, but Royal Mail said external advisers had been engaged to help investigate and the incident had been reported to regulators and security authorities.
The company has informed the government’s National Cyber Security Centre, which works to protect UK institutions from cybercrime, and the National Crime Agency, which tackles serious and organised crime.
The incident follows six days of strikes by more than 100,000 postal workers in December, including one on Christmas Eve. Royal Mail has been locked in a dispute with staff represented by the Communication Workers Union over pay and working conditions.
Between August and the end of 2022, Royal Mail workers staged 18 days of strikes and the CWU is planning to ballot members from 23 January to gain a mandate for further national action, with the result to be announced on 16 February. The union is continuing negotiations with Royal Mail executives.
International parcel deliveries account for a relatively small proportion of the company’s business, although their services are relied upon by many UK-based online retailers. The company delivered 152m international parcels in the year to March 2022, amounting to one-tenth of total parcel volumes, according to the most recent accounts.
International parcels earned the company £779m in revenue for the year, although that was a marked decline from the £1bn brought in during 2021.
In 2018, the government estimated that cybercrime costs the UK economy £28bn a year. However, the scale of the problem is thought to be growing as more and more business is carried out online, with organised criminal gangs and state actors involved in attacks. The increase in cybercrime aimed at individuals was fuelled in recent years by scams exploiting the pandemic.
Royal Mail discovered the problem on Tuesday and has been working with affected clients since then, as well as trying to identify the source of the issues. It has not said when the problems will be resolved.
The company said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue. Some customers may experience delay or disruption to items already shipped for export.
“Our import operations continue to perform a full service with some minor delays. Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information.
“We would like to sincerely apologise to impacted customers for any disruption this incident may be causing.”
A National Cyber Security Centre spokesperson said: “We are aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact.”
The share price of International Distributions Services, the name of Royal Mail’s London-listed parent group, fell on Wednesday afternoon after the announcement, finishing the day down by 0.8%.
