British train operator LNER (London North Eastern Railway) has disclosed a data breach impacting customer information.
The company, which is in charge of many long-distance passenger services on the East Coast Main Line, revealed that hackers gained access to files managed by an unnamed third-party supplier.
The compromised information includes customer contact details and some information on previous journeys.
However, LNER highlighted that banking, payment card, and password information have not been exposed as the impacted third-party does not have access to such information.
It also pointed out that the incident has had no impact on ticket sales and train operations.
“Please be cautious of unsolicited communications, especially those asking for personal information. If in doubt, do not respond,” LNER told customers.
No additional information has been shared. It’s unclear whether the third-party supplier was specifically targeted or it was one of the multiple victims of a large-scale campaign, such as the recent Salesforce-Salesloft attack.
Last year, police in the UK launched an investigation after a ‘hack’ led to anti-Islam messages being displayed to people who were trying to use the Wi-Fi service at the country’s biggest railway stations.
The probe showed that an employee of the company providing railway Wi-Fi services was behind the incident.
Related: Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years
Related: Hacktivist Sentenced to 20 Months of Prison in UK
Related: Four Arrested in UK Over M&S, Co-op Cyberattacks
Related: UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?
