Feeds

Punters go postal with erratic Royal Mail site

'How very sorry we all are', say posties

Internet Security Threat Report 2014

Update The Royal Mail's electronic redirection website was finally restored on Thursday, days after problems affected the postal service's website on Sunday.

A Register reader has come forward with evidence to show that he was presented with the personal details of another user when he logged into the redirection site on Saturday, hours before the service interruption.

We asked Royal Mail if it had any explanation for this and, in particular, whether the site had been taken down as a security precaution. It responded by requesting to speak to the source, asking for more information on the incident. We've forwarded this request to our reader, Andy, who has forwarded a partially blurred image of someone else's personal details he was confronted with when he put his name and address into the site in an attempt to arrange the redelivery of a package online last weekend.

"Whilst attempting to arrange a re-delivery on the Royal Mail website last night [Saturday], I was presented with somebody else's personal details regarding their own delivery package," our source, Andy, explained.

"Since then the website redelivery pages have been unavailable."

Details made available included the name, contact details and address of the person requesting the redirection of an item of recorded mail (something that needs the signature of a recipient for delivery). It did not include credit card or other financial information. Andy was presented these details when he put in his own name, house number and postcode into the site. He didn't enter a tracking number before he was presented with the personal details of another person.

Andy got in touch with the individual involved who said that he too had seen other peoples' contact details when he logged into the website. Andrew complained to Royal Mail on Tuesday, only to receive what he felt was an inadequate response. "I managed to speak with Royal Mail customer services yesterday and they apologised but did not seem to be too worried that other people's personal details were being exposed on their site," he told El Reg.

It's unclear at the time of writing if this is a one-off glitch or a more widespread problem.

Rik Ferguson, a security consultant at Trend Micro, said that without further details it was impossible to say what had happened but the reported glitch is symptomatic of a cross-referencing issue with the Royal Mail's database.

Andy is considering whether or not to report the matter to data privacy watchdogs at the Information Commissioner's Office, a decision that he said depends on whether he gets an adequate response from Royal Mail.

A large number of the Royal Mail's web properties, not just the redirection site, experienced service problems this week. A Royal Mail spokesman forwarded us a statement issued to customers (below) apologising for the service interruptions, which it blames on teething problems involving the migration to a new platform. It said the online postage and SmartStamp applications are working again, albeit not at full capacity, while the online redelivery and redirection booking services, at the centre of Andy's problems, remains unavailable.

The message represented the state of play on Wednesday evening but by Thursday mid-morning Royal Mail's electronic redelivery service had been restored. While the service was down customers were obliged to phone up to have items of post redelivered, rather than using the online facility, which prior to Thursday had been unavailable for four days. ®

Dear Customer,

I am posting this note to say how very sorry we all are at Royal Mail if you have had difficulties accessing some of the applications on our website. I understand the inconvenience this will have caused in recent days.

The problems some customers have experienced follow technical difficulties that arose after the migration of part of our website to a new platform. As soon as we identified the problem, a message was put on our home page explaining what was happening and we will continue to update this to keep you informed.

Do please rest assured my team and I are working very hard to resolve the problem as quickly as possible. I would be the first to acknowledge that it has taken us longer than we would have liked to find a solution.  I can share with you that our Online Postage and SmartStamp applications are working again. We are gradually increasing the capacity of these applications as we resume normal service, so you may find that you are unable to access these applications first time. If you are not able to access the application first time, I would ask you to please try again a few minutes later.

Unfortunately, there are a number of applications that remain unavailable, including our online redelivery and Redirection booking services. Customers can arrange a Redirection by calling 0800 085 2724. Customers with other enquiries, including arranging a redelivery, should contact us in the normal way on 08457 740 740.

We continue to work around the clock to make sure your service is restored as quickly as possible.

Please again accept my sincere apologies for the disruption. We will continue to update you on our progress as we resolve it.

Yours sincerely

Nick Landon Director of Customer Experience

®

Update

Since we published this story, a Royal Mail spokesman has been in contact with the complainant. He told El Reg: "As soon as we became aware of problems with the redelivery application we took it down from the Royal Mail website while we sought to resolve the issue. We always treat such matters extremely seriously and can only apologise to the customer if this was not made clear in his conversation with a Royal Mail representative."

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.