Train operator LNER has revealed that passenger contact details and some information about past journeys have been accessed in a cyber attack.
The government-owned firm, which operates services on the East Coast main line between London and Scotland, said the breach involved files managed by a third-party supplier.
In a statement, LNER said that “no bank, payment card or password information has been affected”, and confirmed it is treating the incident with the “highest priority”, working with experts and the supplier to implement safeguards.
The operator added that it will provide further updates as more information becomes available.
The breach comes as the East Coast operator recently reported that its revenue had passed the £1bn mark.
Accounts filed with Companies House showed that passenger revenue increased from £764.7m to £859.7m in the year to 31 March, 2025, while overall journeys rose 8.8 per cent to 26.4m.
The rail company also reduced train cancellations from 4.8 per cent to 3.8 per cent during the same period and reported a pre-tax profit of £6.7m.
Passenger guidance after LNER cyber attack
Cyber experts have warned that in incidents like this, even when payment information is not affected, exposed data such as contact details and journey histories can still be misused for scams or identity fraud.
Customers have been urged to change passwords immediately, monitor accounts for unusual activity, and remain alert to phishing attempts claiming to be from the company.
The incident follows a spate of high-profile cyber attacks on UK companies, including Jaguar Land Rover, whose operations were paralysed for over a week.
Experts have said attackers increasingly target large organisations like LNER and JLR because of the disruption potential and the wealth of customer data they hold.
LNER, which is owned by the Department for Transport (DfT), emphasised that it is working closely with specialists to understand the breach and implement safeguards.
The operator said it remains committed to restoring full confidence for passengers while ensuring that any compromised data is properly protected.