
Royal Mail breach allowed customers to see other people’s data

The UK’s Royal Mail Click & Drop service was shut down on Tuesday after the company was made aware that some customers could see other customers’ orders.

Click & Drop gives Royal Mail’s customers the ability to buy and print postage for orders online. Royal Mail provided no details of how many customers’ data may have been compromised.

Spontaneous

It is unclear what caused the issue, other than Royal Mail saying it came about following a “technical problem” and that it was working on fixing the “IT systems issue.”

From reactions on Twitter, it appears that customers who logged into their own accounts then had access to other customers’ account information, current orders, and order history.

Tweets from Click & Drop customers saying they saw other customers’ information

Fixed

For many customers, especially small and medium-sized web shop owners, the Click & Drop service is essential. Unfortunately, it took Royal Mail several hours to investigate and fix the issue. And even the next day some customers were still unable to log in to Click & Drop. They were advised to solve the login problems by clearing their browser cache and cookies.

Three days later, users are still complaining about Click & Drop not processing payments, or getting double bills.

If further details become known we will keep you updated here.



ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.