LNER warns customers to remain vigilant after personal data exposed in cyber attack
The train operator said ticket sales and train operations are unaffected, but that customers should be on the lookout for phishing attempts


LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
In an advisory, the company said it detected unauthorized access to files managed by an unnamed third-party supplier.
Data compromised in the attack includes customer contact details and information about previous journeys. The company added that no bank details, payment card, or password information was exposed.
"We are treating this matter with the highest priority and are working closely with experts and with the supplier to understand what has happened and to make sure appropriate safeguards are in place," LNER said.
Ticket sales and operations were entirely unaffected by the incident, according to LNER, but it has warned customers to be cautious of unsolicited communications, especially those asking for personal information.
“The data exposed in the LNER breach, while not of critical security context, can still be used to generate compelling phishing documents and other attacks against a user's identity,” commented Michael Tigges, senior security operations analyst at Huntress.
“Third-party vendor compromise is on the rise this year, with significant breaches, such as those involving SalesLoft and Drift, having cascading security implications,” Tigges added.
"Incidents such as these are a stark reminder that while the primary organization may protect our data, third parties around the world constantly handle data and personal information in the regular course of their business."
LNER the latest transport firm impacted
The transport sector can be an attractive target for hackers. This time last year, for example, Transport for London (TfL) fell victim to an attack which saw the bank account numbers and sort codes of around 5,000 customers accessed.
TfL was forced to restrict its online services for several weeks, with passengers unable to view live travel information or see their journey history for trips paid for by contactless cards.
Meanwhile, the aviation sector has been heavily targeted by hackers believed to belong to the Scattered Spider group, with attacks on Qantas, Hawaiian, WestJet, Air France-KLM, and Aeroflot.
In June, the FBI warned that the group was impersonating employees or contractors at transport firms to deceive IT help desks into granting access, often bypassing multi-factor authentication (MFA).
William Wright, CEO of Closed Door Security, said details on how the attack was carried out remain limited.
“Information relating to this breach is vague, so it's hard to say exactly how this attack was executed,” he said.
“We know it occurred on a supplier to LNER, but we don't know if it was an insider breach, where an employee at the supplier gained access to LNER data, or if the data was accessed by a threat actor that exploited the supplier to access its systems,” Wright added.
"If it does turn out to be the latter, then the incident could be related to the recent attacks on Salesforce, which have been affecting organisations globally."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.