Update The Royal Mail's electronic redirection website was finally restored on Thursday, days after problems affected the postal service's website on Sunday.
A Register reader has come forward with evidence to show that he was presented with the personal details of another user when he logged into the redirection site on Saturday, hours before the service interruption.
We asked Royal Mail if it had any explanation for this and, in particular, whether the site had been taken down as a security precaution. It responded by requesting to speak to the source, asking for more information on the incident. We've forwarded this request to our reader, Andy, who has forwarded a partially blurred image of someone else's personal details he was confronted with when he put his name and address into the site in an attempt to arrange the redelivery of a package online last weekend.
"Whilst attempting to arrange a re-delivery on the Royal Mail website last night [Saturday], I was presented with somebody else's personal details regarding their own delivery package," our source, Andy, explained.
"Since then the website redelivery pages have been unavailable."
Details made available included the name, contact details and address of the person requesting the redirection of an item of recorded mail (something that needs the signature of a recipient for delivery). It did not include credit card or other financial information. Andy was presented these details when he put in his own name, house number and postcode into the site. He didn't enter a tracking number before he was presented with the personal details of another person.
Andy got in touch with the individual involved who said that he too had seen other peoples' contact details when he logged into the website. Andrew complained to Royal Mail on Tuesday, only to receive what he felt was an inadequate response. "I managed to speak with Royal Mail customer services yesterday and they apologised but did not seem to be too worried that other people's personal details were being exposed on their site," he told El Reg.
It's unclear at the time of writing if this is a one-off glitch or a more widespread problem.
Rik Ferguson, a security consultant at Trend Micro, said that without further details it was impossible to say what had happened but the reported glitch is symptomatic of a cross-referencing issue with the Royal Mail's database.
Andy is considering whether or not to report the matter to data privacy watchdogs at the Information Commissioner's Office, a decision that he said depends on whether he gets an adequate response from Royal Mail.
A large number of the Royal Mail's web properties, not just the redirection site, experienced service problems this week. A Royal Mail spokesman forwarded us a statement issued to customers (below) apologising for the service interruptions, which it blames on teething problems involving the migration to a new platform. It said the online postage and SmartStamp applications are working again, albeit not at full capacity, while the online redelivery and redirection booking services, at the centre of Andy's problems, remains unavailable.
The message represented the state of play on Wednesday evening but by Thursday mid-morning Royal Mail's electronic redelivery service had been restored. While the service was down customers were obliged to phone up to have items of post redelivered, rather than using the online facility, which prior to Thursday had been unavailable for four days. ®
I am posting this note to say how very sorry we all are at Royal Mail if you have had difficulties accessing some of the applications on our website. I understand the inconvenience this will have caused in recent days.
The problems some customers have experienced follow technical difficulties that arose after the migration of part of our website to a new platform. As soon as we identified the problem, a message was put on our home page explaining what was happening and we will continue to update this to keep you informed.
Do please rest assured my team and I are working very hard to resolve the problem as quickly as possible. I would be the first to acknowledge that it has taken us longer than we would have liked to find a solution. I can share with you that our Online Postage and SmartStamp applications are working again. We are gradually increasing the capacity of these applications as we resume normal service, so you may find that you are unable to access these applications first time. If you are not able to access the application first time, I would ask you to please try again a few minutes later.
Unfortunately, there are a number of applications that remain unavailable, including our online redelivery and Redirection booking services. Customers can arrange a Redirection by calling 0800 085 2724. Customers with other enquiries, including arranging a redelivery, should contact us in the normal way on 08457 740 740.
We continue to work around the clock to make sure your service is restored as quickly as possible.
Please again accept my sincere apologies for the disruption. We will continue to update you on our progress as we resolve it.
Nick Landon Director of Customer Experience
Since we published this story, a Royal Mail spokesman has been in contact with the complainant. He told El Reg: "As soon as we became aware of problems with the redelivery application we took it down from the Royal Mail website while we sought to resolve the issue. We always treat such matters extremely seriously and can only apologise to the customer if this was not made clear in his conversation with a Royal Mail representative."