UK train operator LNER (London North Eastern Railway) reported a data breach through a third-party supplier, compromising customer contact details and other personal information.
LNER is a British train operator running passenger services on the East Coast Main Line, connecting London with major cities such as Leeds, York and Edinburgh. It operates high-speed and long-distance routes, providing intercity rail transport across northern and eastern England and Scotland.
In a September 10, 2025 statement, LNER said: “We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.”
“No bank, payment card or password information has been affected”, said LNER.
Ticket sales and train operations were not impacted.
LNER didn’t provide further technical details about the attack.
Read more about it here.