Cyberattack hits LNER passenger data, investigation under way

LNER working with experts after unauthorised access to passenger contact information through third-party supplier systems.
Passengers urged to watch for phishing attempts after LNER confirms breach affecting contact details.

The contact details of rail passengers have been stolen in a cyberattack affecting London North Eastern Railway (LNER). The company stated that it had been notified of unauthorised access to files managed by a third-party supplier and advised customers to be vigilant against phishing attempts.

LNER stressed that no bank details, card numbers, or passwords had been compromised. The York-based operator stated that it was collaborating with cybersecurity experts and the supplier to investigate the breach and ensure necessary safeguards.

The company did not confirm the number of passengers affected. The incident comes as LNER reported revenues exceeding £1 billion, yet it continues to rely on government support since its nationalisation in 2018.

Passenger complaints rose 12.2 percent in 2025, reaching 24,015, and competition from private operators is driving losses—online ticket platforms such as Trainline direct passengers to cheaper rivals, costing LNER significant revenue.

The breach follows other attacks on UK transport services, including a 2024 incident in which the bank details of 5,000 Transport for London customers were exposed, resulting in weeks of disrupted online services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!