Overview
- The incident stems from an 8 September intrusion at a third‑party managing LNER’s customer communication database.
- LNER says no payment card details, passwords or account information were involved, and ticketing systems remain safe.
- The company reported the breach to the ICO on 9 September and notified the NCSC, British Transport Police and the Department for Transport.
- The supplier has brought in independent security experts and is implementing enhanced controls as investigations continue.
- LNER is emailing affected users with guidance on spotting fake messages, noting valid addresses end in @lner.co.uk or @email.lner.co.uk, and directing queries to datainfo@lner.co.uk.