The train operator LNER has urged customers to be wary of unsolicited communications after revealing some passengers’ contact details and journey records have been accessed in a cyber-attack.
The data breach took place at a third-party supplier, and LNER said no bank or payment details or password information had been accessed.
The state-owned operator, which runs intercity services on the east coast mainline between London and Scotland, said its schedules and ticket sales were not affected, and trains would run as normal.
LNER said: “We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.
“We are treating this matter with the highest priority and are working closely with experts and with the supplier to understand what has happened and to make sure appropriate safeguards are in place. We will provide further updates as more information becomes available.”
The operator advised customers to be “cautious of unsolicited communications, especially those asking for personal information” and not to respond if in doubt. It said customers did not need to inform their bank as the unidentified third-party supplier did not have access to payment information.
LNER said that the supplier did not have access to its password data.
The attack on LNER follows a series of cyber incidents affecting UK transport and businesses.
An attack on Transport for London a year ago breached financial records of about 5,000 customers, with TfL having to cut back online systems for staff and the public for weeks after the hack.
after newsletter promotion
Production at the UK’s biggest carmaker, Jaguar Land Rover, remains paused after a hack discovered earlier this month, which JLR said on Wednesday had affected its data.
A number of high-profile retailers – Marks & Spencer, Harrods and the Co-op – have also been hit by cyber-attacks this year.