LNER has confirmed that an unauthorised cyber intrusion into files held by one of its third-party suppliers resulted in the exposure of passenger contact information and details of previous journeys.
The breach was detected on 9 October 2025 and immediately escalated to the highest level of incident response by LNER and its security advisers.
LNER emphasises that the compromised data set does not include any financial or authentication details.
There is no evidence that bank account numbers, payment card information or customer passwords were accessed.
The files breached relate solely to names, email addresses, telephone numbers and historical travel itineraries.
This distinction is critical, says LNER, in minimising the risk of financial fraud or account takeover.
The affected information was held off-site by a contracted technology provider charged with processing customer communications and travel history analytics.
LNER was not directly hosting these records when the breach occurred. The supplier has engaged independent cybersecurity experts to perform a forensic investigation and is implementing additional safeguards to prevent any recurrence.
Customer Guidance and Next Steps
Passengers whose data may have been exposed are advised to exercise caution when receiving unsolicited calls, emails or text messages.
LNER’s media statement urges travellers not to respond to communications requesting further personal or financial information.
Customers unsure whether a contact is legitimate can verify communications directly through LNER’s official website or customer service line.
The train operator has confirmed that its ticketing platform and rail services remain fully operational and secure.
There is no impact on the ability to purchase tickets, manage bookings or travel on LNER services.
Accordingly, no disruption to timetables or on-board operations is expected as a result of this incident.
While no password resets are mandatory, LNER reminds all passengers that maintaining strong, unique passwords is best practice.
Those wishing to update credentials for any online account are encouraged to do so via official channels and to enable multi-factor authentication where available.
LNER is working closely with the third-party supplier and cybersecurity specialists to determine the full extent of the breach, its root cause, and any additional mitigation measures required.
A thorough review of all supplier security protocols is underway, and LNER pledges to keep customers informed as investigations progress.
Any significant developments will be communicated promptly through official LNER channels.
For further information or questions, travellers can consult LNER’s dedicated FAQs on its website or contact the LNER customer support team directly.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The breach was detected on 9 October 2025 and immediately escalated to the highest level of incident response by LNER and its security advisers.){kind=link}