Royal Mail Data Breach: 144GB of Sensitive Information Now Available for Sale
Royal Mail has recently made headlines after falling victim to a sophisticated cyber-attack, resulting in the theft of a large amount of sensitive data. The breach has now escalated, with the stolen information reportedly being sold on the dark web.
After speculation surrounding the breach, Royal Mail confirmed it had been attacked, explaining that hackers had infiltrated the systems of Spectos, a German technology company it collaborates with. This breach, which occurred in mid-March 2025, saw a threat actor named ‘GHNA’ gain access to Spectos’ database and steal around 144GB of data belonging to Royal Mail Group. The stolen files include private customer documents and internal Zoom meeting recordings between Spectos and Royal Mail, which are now available for purchase on the dark web.
This cyber-attack is not Royal Mail’s first encounter with malicious hacking activities. In 2023, the company became a victim of a ransomware attack by the notorious LockBit ransomware group. The criminals initially demanded a ransom of £65.7 million but eventually backed off, realizing they had mistakenly targeted the wrong party.
The Royal Mail breach raises serious concerns about the vulnerability of sensitive information, especially within large organizations that handle critical services. With personal data and internal communications exposed, customers and employees alike may face increased risks of identity theft and privacy violations.
About 400GB of X (formerly Twitter) Data for Sale on Dark Web
In another major data breach, a disgruntled former employee of X (formerly Twitter) has allegedly posted 400GB of data on a dark web forum. This incident is tied to the company’s mass layoffs, which began in late 2023 and have continued into 2024 and 2025. The hacker, known by the pseudonym “Thinking One,” claimed to have stolen sensitive information related to over 2.87 billion user accounts on X.
On March 28, 2025, the hacker uploaded the data to a breach forum, offering it for sale. As of April 1, 2025, the data remains unsold, despite being publicly listed for several days. The leaked data consists mainly of metadata, including user profile IDs, screen names, account descriptions, creation dates, follower counts, and details about user activity such as the devices used for tweeting and the status settings of accounts.
Interestingly, a portion of the dataset appears to have been scraped from data stolen in 2023, while the rest seems to have been freshly obtained from X’s servers. This suggests that the hacker may have exploited vulnerabilities in the company’s systems over an extended period, potentially gaining new access with each wave of layoffs.
This breach raises significant concerns about the safety of user data on social media platforms, especially as the dataset includes information about billions of users. While the leaked data may not directly expose passwords or sensitive personal details, the metadata can still be used to build comprehensive profiles of users, heightening the risk of targeted attacks such as phishing, fraud, and social engineering.
Both these incidents underscore the growing threat of cybercrime and the need for companies to bolster their cybersecurity measures to protect against increasingly sophisticated threats. More details are expected as investigations into both breaches continue to unfold.
