
London North Eastern Railway reported a major data security breach after threat actors gained access to the internal network of a third-party platform used to manage its customer data.
London North Eastern Railway is a publicly owned UK train operator that provides services along the East Coast Main Line, linking London King’s Cross with destinations across the East Midlands, Yorkshire, North East England, and Scotland.
In a data security incident notice published on its website, LNER said that on September 10 it became aware of unauthorised access to a vendor platform used to manage its customer data. The train operator immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
The investigation revealed that the files accessed by the threat actors contained “customer contact details and some information about previous journeys.” Although LNER has not shared details of the compromised data, it said that “no bank, payment card or password information has been affected.”
“We are treating this matter with the highest priority and are working closely with experts and with the supplier to understand what has happened and to make sure appropriate safeguards are in place,” LNER said.
The train operator added that its ticket sales and train operations remain unaffected.
“The third-party supplier involved does not have access to password data. It is always good practice to maintain a secure password and to change passwords regularly,” LNER added.
Commenting on the news, William Wright, CEO of Closed Door Security, said, “Information relating to this breach is vague, so it’s hard to say exactly how this attack was executed.
“We know it occurred on a supplier to LNER, but we don’t know if it was an insider breach, where an employee at the supplier gained access to LNER data, or if the data was accessed by a threat actor that exploited the supplier to access its systems. If it does turn out to be the latter, then the incident could be related to the recent attacks on Salesforce, which have been affecting organisations globally,” Wright added.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543