UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but customers are urged to be cautious.

UK-based train operator London North Eastern Railway (LNER) has confirmed that a cyber attack on a third-party supplier has compromised some passenger data. The breach, which was discovered on Wednesday, September 10, involved unauthorised access to files containing customer contact details and information about previous journeys.

The government-owned company, which operates on the East Coast Main Line connecting London and Scotland, was quick to reassure customers that no bank, payment card, or password information was affected. LNER also confirmed that its train services, ticketing systems, and timetables are running as normal.

While the breach didn’t expose financial information, LNER is urging customers to be cautious of unexpected communications. It’s important to watch out for suspicious emails or messages, especially those asking for personal details, and if you’re ever in doubt, don’t respond.

The company is actively working with cybersecurity experts and the supplier involved to understand the full scope of what happened.

“We are treating this matter with the highest priority and are working closely with experts and with the supplier to understand what has happened and to make sure appropriate safeguards are in place. We will provide further updates as more information becomes available,” the company stated.

Unfortunately, this isn’t an isolated event. As we’ve seen in recent years, the UK transport and retail sectors have become prime targets for cybercrime. For example, a year ago, a hack on Transport for London (TfL) exposed financial records for around 5,000 customers, causing online services to be disrupted for weeks.

More recently, the UK’s largest carmaker, Jaguar Land Rover, had to halt production after a cyber-attack. Prominent retailers like Marks & Spencer, Harrods, and Co-op have also been targeted this year.

These attacks highlight a growing trend where criminals target third-party providers to get to their main victims. For a company like LNER, which serves millions of passengers each year, maintaining public trust is just as crucial as keeping trains on schedule.

In a related development, LNER has confirmed it’s in contact with the Information Commissioner’s Office, the UK’s independent data watchdog. The office is expected to review whether the data breach falls under the reporting requirements of the UK’s GDPR law, and the company could face fines if insufficient safeguards are found to be in place.

In comments shared with Hackread.com, William Wright, CEO of Closed Door Security, highlighted the uncertainty surrounding how the attack was carried out. “Information relating to this breach is vague, so it’s hard to say exactly how this attack was executed,” Wright said. He noted that it could have been an inside job at the supplier or a cybercriminal exploiting a vulnerability. If it were the latter, he suggested it could be linked to recent global attacks on Salesforce.

Wright stressed the importance of LNER’s advice to its customers. With personal data now in the hands of “threat actors,” he warned that they will work to build more detailed profiles on individuals. He anticipates attackers will use this information to send out phishing emails, SMS, phone calls, and even messages on platforms like WhatsApp, all designed to trick recipients into giving up financial or personal details. He concluded by urging all online users to treat these communications with extreme caution.