Pierluigi Paganini September 12, 2025

LNER warns of a data breach via a third-party supplier, exposing customer contact details and other personal information.

UK train operator LNER (London North Eastern Railway) reported a data breach through a third-party supplier, compromising customer contact details and other personal information.

LNER (London North Eastern Railway) is a British train operator running passenger services on the East Coast Main Line, connecting London with major cities like Edinburgh, Leeds, and York. It operates high-speed and long-distance routes, providing intercity rail transport across eastern and northern England and Scotland.

“We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.” reads the statement published by the company.

The organization states that the breach impacted customer contact details and specific information about past journeys. LNER pointed out that the incident did not impact bank information, payment card details, or passwords.

The security breach did not impact train operations or ticket sales.

Customers should be cautious of phishing attempts through unsolicited messages requesting personal information and avoid responding if unsure

The company did not provide technical details about the attack and did not name the impacted third-party supplier.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, London North Eastern Railway)