Feeds

Punters go postal with erratic Royal Mail site

'How very sorry we all are', say posties

3 Big data security analytics techniques

Update The Royal Mail's electronic redirection website was finally restored on Thursday, days after problems affected the postal service's website on Sunday.

A Register reader has come forward with evidence to show that he was presented with the personal details of another user when he logged into the redirection site on Saturday, hours before the service interruption.

We asked Royal Mail if it had any explanation for this and, in particular, whether the site had been taken down as a security precaution. It responded by requesting to speak to the source, asking for more information on the incident. We've forwarded this request to our reader, Andy, who has forwarded a partially blurred image of someone else's personal details he was confronted with when he put his name and address into the site in an attempt to arrange the redelivery of a package online last weekend.

"Whilst attempting to arrange a re-delivery on the Royal Mail website last night [Saturday], I was presented with somebody else's personal details regarding their own delivery package," our source, Andy, explained.

"Since then the website redelivery pages have been unavailable."

Details made available included the name, contact details and address of the person requesting the redirection of an item of recorded mail (something that needs the signature of a recipient for delivery). It did not include credit card or other financial information. Andy was presented these details when he put in his own name, house number and postcode into the site. He didn't enter a tracking number before he was presented with the personal details of another person.

Andy got in touch with the individual involved who said that he too had seen other peoples' contact details when he logged into the website. Andrew complained to Royal Mail on Tuesday, only to receive what he felt was an inadequate response. "I managed to speak with Royal Mail customer services yesterday and they apologised but did not seem to be too worried that other people's personal details were being exposed on their site," he told El Reg.

It's unclear at the time of writing if this is a one-off glitch or a more widespread problem.

Rik Ferguson, a security consultant at Trend Micro, said that without further details it was impossible to say what had happened but the reported glitch is symptomatic of a cross-referencing issue with the Royal Mail's database.

Andy is considering whether or not to report the matter to data privacy watchdogs at the Information Commissioner's Office, a decision that he said depends on whether he gets an adequate response from Royal Mail.

A large number of the Royal Mail's web properties, not just the redirection site, experienced service problems this week. A Royal Mail spokesman forwarded us a statement issued to customers (below) apologising for the service interruptions, which it blames on teething problems involving the migration to a new platform. It said the online postage and SmartStamp applications are working again, albeit not at full capacity, while the online redelivery and redirection booking services, at the centre of Andy's problems, remains unavailable.

The message represented the state of play on Wednesday evening but by Thursday mid-morning Royal Mail's electronic redelivery service had been restored. While the service was down customers were obliged to phone up to have items of post redelivered, rather than using the online facility, which prior to Thursday had been unavailable for four days. ®

Dear Customer,

I am posting this note to say how very sorry we all are at Royal Mail if you have had difficulties accessing some of the applications on our website. I understand the inconvenience this will have caused in recent days.

The problems some customers have experienced follow technical difficulties that arose after the migration of part of our website to a new platform. As soon as we identified the problem, a message was put on our home page explaining what was happening and we will continue to update this to keep you informed.

Do please rest assured my team and I are working very hard to resolve the problem as quickly as possible. I would be the first to acknowledge that it has taken us longer than we would have liked to find a solution.  I can share with you that our Online Postage and SmartStamp applications are working again. We are gradually increasing the capacity of these applications as we resume normal service, so you may find that you are unable to access these applications first time. If you are not able to access the application first time, I would ask you to please try again a few minutes later.

Unfortunately, there are a number of applications that remain unavailable, including our online redelivery and Redirection booking services. Customers can arrange a Redirection by calling 0800 085 2724. Customers with other enquiries, including arranging a redelivery, should contact us in the normal way on 08457 740 740.

We continue to work around the clock to make sure your service is restored as quickly as possible.

Please again accept my sincere apologies for the disruption. We will continue to update you on our progress as we resolve it.

Yours sincerely

Nick Landon Director of Customer Experience

®

Update

Since we published this story, a Royal Mail spokesman has been in contact with the complainant. He told El Reg: "As soon as we became aware of problems with the redelivery application we took it down from the Royal Mail website while we sought to resolve the issue. We always treat such matters extremely seriously and can only apologise to the customer if this was not made clear in his conversation with a Royal Mail representative."

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.