London North Eastern Railway (LNER) has confirmed that an unauthorized breach at one of its third-party suppliers exposed contact details and travel histories of some passengers.
No banking or password data were involved. The company says it is treating the incident with the highest priority and is working with experts to secure customer information.
What Happened and What Was Affected
On Wednesday, 10 September 2025, LNER discovered that files managed by a contractor had been accessed without permission.
These files contained names, email addresses, phone numbers, and records of previous journeys. The supplier maintains ticketing and customer communications systems on LNER’s behalf.
LNER stressed that no financial information—such as bank details or payment card numbers—was included in the breach. Passwords and login credentials were also unaffected.
The operator has engaged a leading cybersecurity firm to investigate the breach’s scope, determine how the unauthorized access occurred, and recommend steps to prevent a recurrence.
In a statement, LNER’s chief information security officer said that while the investigation continues, the company is confident that robust safeguards are being put in place.
LNER is reviewing contractual security standards with all suppliers and plans to expand monitoring of its information systems.
Passengers whose details were exposed do not need to worry about their bank accounts or credit cards. LNER advises all customers to remain vigilant against phishing emails and calls.
Anyone receiving unsolicited messages asking for personal or financial data should not respond and should report the contact to relevant authorities.
Although no password information was compromised, LNER recommends that all customers follow best practices for account security.
Changing passwords regularly, using strong and unique passwords, and enabling any available multi-factor authentication are simple steps that help protect online accounts.
LNER’s ticket sales and train operations continue as normal. There is no disruption to journeys or delays in booking tickets.
Any passenger can still purchase tickets online or at stations without concern for service interruptions linked to this security incident.
LNER has set up a dedicated helpline and email address for passengers who have questions or wish to learn more.
Anyone seeking further details about the breach can write to [email protected]. LNER promises to share regular updates as the investigation progresses and more information becomes available.
The breach serves as a reminder that digital supply chains can introduce security risks. By collaborating with cybersecurity experts and strengthening its monitoring, LNER aims to ensure that customer data remains protected.
The company remains committed to restoring passenger confidence and safeguarding personal information at every step of the journey.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
