The Memo: Royal Mail targeted by ransomware attack

Group 723.png

First Class security breach: Royal Mail targeted by ransomware attack

Chelsey Stanborough – 23 January 2023

If you tried to send a parcel internationally via Royal Mail last week, you will probably be aware that there have been some disruptions. On the 11th of January, the postal service provider was the target of so called ‘ransomware’ attack, in which a criminal group successfully installed software onto the Royal Mail’s system that prevented it from accessing its data. In these kinds of cases, criminal groups will lock a company out of its own software before demanding a ransom to release it (often in the form of cryptocurrencies which are typically harder to trace). The ransom note - printed in the Royal Mail’s Northern Ireland distribution site – was passed onto the National Crime agency for investigation. Whilst the amount requested in ransom hasn’t been released, research indicates that ransoms against public bodies can range from around $200,000 to almost $1.5 million.

So, where does the law apply in cases like this? As our world becomes increasingly digitalised, the importance of data protection has never been higher. The primary tool against the misuse of technology comes in the form of the Computer Misuse Act 1990, which provides grounds for prosecution in offences against computer systems, including hacking and ransomware. Yet technology has come a long way since the 90’s. Developments in cyber law (such as the Network and Information Systems Regulations introduced last year) have sought to strengthen protections for essential services (particularly around supply chains) through outsourced IT support.

One of the main challenges facing data privacy lawyers is to keep pace with an ever-developing regulatory landscape. Many clients will depend heavily on computer networks to communicate and store information, and regardless of where you are in the space, cyber-attacks aren’t particularly easy to prepare for. It is essential therefore for lawyers in the space to be able to think on their feet. Despite the challenges of this kind of law however, demand is at an all-time high. For prospective lawyers in the space, there may be no better time to dip your toes into data privacy.