LNER (London North Eastern Railway)

LNER, a major UK train operator running services from London to Edinburgh, suffered a cybersecurity breach via a third-party supplier. Hackers gained unauthorized access to its customer communication database, stealing the names and email addresses of thousands of passengers. While no payment card details, passwords, or account information were compromised, the breach exposed customers to potential phishing and scam messages. The company’s core operations, including train services and ticketing, remained unaffected. LNER reported the incident to authorities (ICO, NCSC, British Transport Police, and the Department for Transport) and is working with the supplier to implement enhanced security measures. Customers were advised to stay vigilant against suspicious communications and maintain strong password practices. The breach follows a series of high-profile cyberattacks in the UK, including those on Jaguar Land Rover, Marks & Spencer, and Harrods.

Source: https://www.dailymail.co.uk/news/article-15197205/LNER-passengers-hacking-victims-data-stolen-cybersecurity-breach.html

TPRM report: https://www.rankiteo.com/company/london-north-eastern-railway

"id": "lon5292952101625",
"linkid": "london-north-eastern-railway",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Thousands',
                        'industry': 'Transportation',
                        'location': 'United Kingdom',
                        'name': 'London North Eastern Railway (LNER)',
                        'type': 'Train Operator'},
                       {'industry': 'IT/Customer Communications',
                        'name': 'Unnamed Third-Party Supplier',
                        'type': 'Service Provider'}],
 'attack_vector': ['Supply Chain Attack', 'Unauthorized Network Access'],
 'customer_advisories': ['Warning about phishing/scams',
                         'Dedicated mailbox for queries '
                         '(dan.woodland@dailymail.co.uk for media, unspecified '
                         'for LNER)',
                         'Password security recommendations'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 'Thousands',
                 'personally_identifiable_information': ['Names',
                                                         'Email Addresses'],
                 'sensitivity_of_data': 'Low (Names and email addresses only)',
                 'type_of_data_compromised': ['Personal Information']},
 'date_detected': '2025-09-08',
 'date_publicly_disclosed': '2025-09-08',
 'description': 'Thousands of LNER train passengers had their data stolen in a '
                'major cybersecurity breach after hackers gained unauthorized '
                'access to a third-party supplier’s customer communication '
                'database. The compromised data included names and email '
                'addresses, but no payment card details, passwords, or account '
                'information were exposed. LNER warned customers of potential '
                'phishing or scam messages and reported the incident to '
                'regulatory authorities, including the ICO, NCSC, British '
                'Transport Police, and the Department for Transport.',
 'impact': {'brand_reputation_impact': 'Potential (Customers warned of '
                                       'phishing risks)',
            'data_compromised': ['Names', 'Email Addresses'],
            'identity_theft_risk': 'Low (No sensitive financial or account '
                                   'data exposed)',
            'operational_impact': 'None (Core services, including train '
                                  'operations and ticketing, remained '
                                  'unaffected)',
            'payment_information_risk': 'None',
            'systems_affected': ['Customer Communication Database (Third-Party '
                                 'Supplier)']},
 'initial_access_broker': {'entry_point': 'Third-Party Supplier’s Networks',
                           'high_value_targets': ['Customer Communication '
                                                  'Database']},
 'investigation_status': 'Ongoing (Supplier engaged independent security '
                         'experts)',
 'post_incident_analysis': {'corrective_actions': ['Enhanced security controls '
                                                   'by supplier']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Customers advised to remain vigilant against '
                     'phishing/scams',
                     'Regular password changes recommended',
                     'LNER will never request passwords via email'],
 'references': [{'source': 'Daily Mail'}],
 'regulatory_compliance': {'regulations_violated': ['UK GDPR (Potential)'],
                           'regulatory_notifications': ['Information '
                                                        'Commissioner’s Office '
                                                        '(ICO)',
                                                        'National Cyber '
                                                        'Security Centre '
                                                        '(NCSC)',
                                                        'British Transport '
                                                        'Police (BTP)',
                                                        'Department for '
                                                        'Transport']},
 'response': {'communication_strategy': ['Customer Email Notification',
                                         'Dedicated Mailbox for Queries',
                                         'Media Statements'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Enhanced Security Controls '
                                       '(Implemented by Supplier)'],
              'third_party_assistance': ['Independent Security Experts '
                                         '(Engaged by Supplier)']},
 'stakeholder_advisories': ['Email to Customers', 'Media Statements'],
 'title': 'LNER Customer Data Breach via Third-Party Supplier',
 'type': ['Data Breach', 'Third-Party Breach']}