LNER warns customers to be “cautious” after cyber-attack exposes passenger details

Credit: Patriot O.A / Shutterstock.com

London North Eastern Railway (LNER) has urged passengers to be on alert after revealing that some customer details and journey records were accessed in a cyber-attack at a third-party supplier.

The breach, which did not affect LNER’s ticketing or scheduling systems, involved unauthorised access to files containing passenger contact information and records of previous journeys. The operator emphasised that the cyber-attack did not compromise any bank details, card payment data, or passwords.

In a statement, LNER said:

We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys. Importantly, no bank, payment card or password information has been affected.

We are treating this matter with the highest priority and are working closely with experts and with the supplier to understand what has happened and to make sure appropriate safeguards are in place. We will provide further updates as more information becomes available.”

The state-owned operator runs intercity services along the East Coast Main Line between London, Yorkshire, the North East and Scotland. It confirmed that services continue to operate as normal, although passengers arriving into London still face the impact of ongoing underground strikes.

The operator advised customers to be “cautious of unsolicited communications, especially those asking for personal information” and not to respond if in doubt. The operator added that customers did not need to contact their banks, as the supplier involved in the breach did not hold any financial or password data.

LNER is working closely with the Information Commissioner’s Office (ICO), the UK’s independent data protection regulator, as it determines whether the cyber-attack must be formally reported under GDPR. In previous cases, regulators have fined organisations that failed to implement adequate safeguards, underscoring the need for a swift and thorough response.

For further information or queries, LNER asks passengers to contact them at [email protected].