British train operator LNER, which runs many long-distance passenger services along the East Coast Main Line, has announced that it suffered a data breach. The company revealed that hackers accessed files managed by an unnamed third-party vendor. While the compromised information includes customer contact details and some details about previous journeys, LNER was quick to note that no banking, payment card, or password information was exposed. The company explained that the affected third-party vendor did not have access to that type of information. It also added that the incident has had no impact on train operations or ticket sales.
LNER released a statement to its customers, urging them to be cautious of any unsolicited communication, particularly messages that ask for personal details. The company advised customers, “If in doubt, do not respond.” The train operator did not provide any further information, and it remains unclear whether the third-party supplier was specifically targeted or if it was one of many victims of a large-scale campaign, such as the recent Salesforce-Salesloft attack.
The incident is not the first time a UK train operator has been affected by a cyberattack. Last year, police in the UK launched an investigation after a hack led to anti-Islam messages being displayed on the Wi-Fi service at the country’s biggest railway stations. The police probe later revealed that an employee of the company providing the railway Wi-Fi services was behind the incident.
Reference:
