Thousands of LNER passengers have had their data stolen by hackers after a major cybersecurity breach.
The train operator, whose services run from London to Edinburgh, revealed that hackers gained access to its customer communication database last month following a 'security incident' with a third party supplier.
It has since investigated the breach and discovered the stolen information included the names and email addresses of thousands of customers.
But, the hackers were unable to view anyone's payment card details, passwords or account information, the company said, adding that its core services, including train operations and ticketing, remained unaffected.
In an email to customers, LNER warned they could be subject to phishing or scam messages and urged people to remain vigilant against unexpected communications asking for personal or financial information.
'We are continuing to work closely with our supplier, who has engaged independent security experts, to put enhanced security controls in place to minimise the risk of this happening again,' the statement added.
LNER has reported the incident to the Information Commissioner's Office and informed the National Cyber Security Centre (NCSC), British Transport Police (BTP) and the Department for Transport.
The hack comes weeks after Jaguar Land Rover halted operations at its UK factories for around a month following a crippling and costly cyberattack. Other attacks this year have targeted companies including Marks and Spencer, Harrods and Co-op.
Thousands of LNER passengers have had their data stolen by hackers after a major cybersecurity breach (File image)
The hack comes weeks after Jaguar Land Rover halted operations at its UK factories for around a month following a crippling and costly cyberattack. Pictured: The production line at Jaguar Land Rover's factory in Solihull
'On 8 September 2025 we were told that one of our suppliers, who manages our customer communication database, had suffered a security incident', LNER's email to customers read.
'A third-party gained unauthorised access to the supplier's networks and in the process gained access to customer data.
'As a result of our investigation of the breach so far, we have concluded that the data included some personal information, specifically your name and email address.
'No payment card details, passwords or your LNER account information were involved. Our ticketing systems remain safe, and you can continue to buy tickets from LNER as normal.
'Because your name and email address were affected, it's possible you will receive phishing or scam messages.
'We are continuing to work closely with our supplier, who has engaged independent security experts, to put enhanced security controls in place to minimise the risk of this happening again.'
'Although we understand that password information has not been affected, we also suggest that you maintain a secure password and change your password regularly. Remember that we will never ask you to provide us with your password,' it added.
The company has set up a dedicated mailbox for customers to send any questions about the incident.
Empty food shelves at a Marks & Spencer in Cambridge on April 29 following a cyber attack
Earlier this year M&S halted orders on its website and was also left with empty shelves in the wake of another cyber attack.
Customers had to wait until June to use the store's website again as it opened itself back up to online shoppers in the hunt for the latest fashion ranges.
But it took even longer to reinstate M&S' click-and-collect service, which allows users to order items on the website and pick them up in-store the following day.
Four people have been arrested in connection with the M&S attacks, as well as separate ones on the Co-op and Harrods.
Two British men aged 17 and 19 were detained in the West Midlands and London alongside a 19-year-old Latvian an a 20-year-old British woman from Staffordshire.
They are accused of a variety of offences under the Computer Misuse Act, including blackmail, money laundering and involvement in organised crime.
All four were arrested at home and had their electronic devices seized for digital forensic analysis.
They have been questioned by specialist National Crime Agency (NCA) officers in relation to the three attacks.
M&S said the incident is likely to drag its group operating profits down by around £300million this year, but it expects this to be reduced through cost management, insurance and other reactions.