Highland rail passengers’ personal details may have been accessed in LNER data breach; train operator runs Inverness to London services

Highland rail passengers’ personal details may have fallen victim to a data breach after LNER confirmed “unauthorised access” to files.

LNER, which operates the daily Highland Chieftain direct service between Inverness and London, said the data breach affected files “managed by a third-party supplier” and that customer contact details and “some information” about journeys were accessed.

But it claimed that no banking, card details or password information was affected.

”We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.

“Importantly, no bank, payment card or password information has been affected.

“We are treating this matter with the highest priority and are working closely with experts and with the supplier to understand what has happened and to make sure appropriate safeguards are in place.

“We will provide further updates as more information becomes available.”

In response to the breach, LNER has urged the public to “be cautious of unsolicited communications, especially those asking for personal information”. If in doubt, do not respond.

It added that affected customer do not need to inform their bank, as the third-party operator which was breached “does not have access to bank or payment card information”.

The breach will also have no impact on buying tickets or travelling and train operations “are entirely unaffected”.

Passwords are also understood to not be affected, although LNER also noted that it “is always good practice to maintain a secure password and to change passwords regularly”.

Anyone with any queries about the breach can email datainfo@lner.co.uk.