London North Eastern Railway said on Wednesday that customer contact details and information about previous journeys were accessed in a data breach involving a third-party supplier. The operator said the intrusion did not compromise bank accounts, payment cards or passwords.
LNER did not name the third party responsible, but noted that whichever company is involved does not store sensitive financial information for customers. “We will provide further updates as more information becomes available,” it said in its most recent statement.
A factsheet provided to customers confirms that the attack has not impacted ticketing or rail services, which focus on long-distance inter-city travel with hubs in Edinburgh, Leeds, London, Newcastle and York.
The company urged customers to be wary of phishing attempts and unsolicited communications asking for personal information, adding that there is no need to inform their bank about the incident. It also advised that maintaining a secure password and changing passwords regularly is good practice. Some analysts suggested the breach could be linked to broader attacks on high-profile organizations, though the information remains unclear.
“Information relating to this breach is vague, so it’s hard to say exactly how this attack was executed,” said William Wright, CEO of Closed Door Security.