LNER Cyberattack: Passenger Data Breach Impacts East Coast Services

LNER faces cyber attack, exposing passenger data at a third-party supplier. No financial details compromised. Customers advised to remain vigilant.

LNER Cyberattack: Passenger Data Breach Impacts East Coast Services
September 13, 2025 1:13 am | Last Update: September 13, 2025 1:14 am
A+
A-

Introduction

LNER, a state-owned train operator, has reported a cyber-attack at a third-party supplier that exposed passenger data, prompting the company to advise customers to remain vigilant. The breach, which occurred without affecting LNER’s ticketing or scheduling systems, involved unauthorized access to files containing customer contact details and journey records. LNER has stated that no bank details, payment card data, or passwords were compromised in the incident.

Customer Data Exposure

Details of the Breach

LNER announced that a cyber-attack at a third-party supplier resulted in the exposure of some passenger data. The accessed files contained customer contact information and records of previous journeys. The operator clarified that no bank details, card payment data, or passwords were affected by the breach.

LNER’s Response

LNER confirmed that it is treating the matter with “the highest priority” and is collaborating with experts and the supplier to assess the situation and implement appropriate safeguards. The operator has stated that it will provide further updates as more information becomes available. Services continue to operate as normal despite the incident, although passengers arriving into London still face the impact of ongoing underground strikes.

Customer Advisory

The operator has advised customers to be cautious of unsolicited communications, especially those requesting personal information. Customers are urged not to respond to suspicious communications. LNER has also stated that customers do not need to contact their banks, as the supplier did not hold any financial or password data.

Regulatory Oversight

LNER is working closely with the Information Commissioner’s Office (ICO), the UK’s independent data protection regulator. The operator is determining whether the cyber-attack must be formally reported under GDPR.

Last June 2025, we published an article about Renfe’s new cutting-edge Aranjuez maintenance hub, boosting Cercanías efficiency. Click here to read – Future of Rail: Renfe’s Railway Technology Hub, Aranjuez: Essential Guide

Conclusion

LNER confirmed that a cyber-attack at a third-party supplier exposed passenger data, including customer contact details and journey records, while assuring that no financial data or passwords were compromised. The operator is working with experts and the ICO and advising customers to be cautious of unsolicited communications.

Company Summary

LNER is a state-owned train operator running intercity services along the East Coast Main Line between London, Yorkshire, the North East and Scotland.

railwaynews
railwaynews
Railwaynews.net is a railway information and news platform. Website presents from all around the world railway sector news, developments, projects and tender for the sector specialists. Railwaynews supports to industry events and announced them for potential participants. Railwaynews plans to collecting data from all around the world, about railway infrastructure, rolling stock, railway transportation datum, geographical datum to present for railway professionals for short term. Railwaynews will build new platforms aims to high value railway business environment for all railway specialists, railway fans and especially railway suppliers and their decision makers. Railwaynews presents whole information from rail professionals to rail professionals.