One of the UK's largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.
It confirmed the incident on Wednesday, saying customer contact details and "some information about previous journeys" was accessed at a third-party supplier.
London North Eastern Railway (LNER) did not name the third party responsible for the intrusion, but assured that whichever company it was, it does not store details such as bank accounts, payment cards, or passwords.
"We will provide further updates as more information becomes available," it said in its most recent statement.
A factsheet supplied to customers confirms that the attack has not impacted its ticketing or rail services, which focus on long-distance inter-city services with the main hubs being in Edinburgh, Leeds, London, Newcastle, and York.
However, customers are advised to be wary of potential phishing attempts.
"Please be cautious of unsolicited communications, especially those asking for personal information. If in doubt, do not respond."
LNER said customers do not need to inform their bank about the incident, and while it fell short of recommending a password reset, it said: "It is always good practice to maintain a secure password and to change passwords regularly."
The rail operator did not confirm who was behind the intrusion, or whether it was related to the ongoing attacks on high-profile organizations connected to Salesloft Drift, although experts say it's a possibility.
"Information relating to this breach is vague, so it's hard to say exactly how this attack was executed," said William Wright, CEO at Closed Door Security.
- Deutsche Bahn train hits 405 km/h without falling to bits
- A software-defined radio can derail a US train by slamming the brakes on remotely
- Deutsche Bahn stands to lose €400M if it has to do Huawei with Chinese kit
- Train operator phlunks phishing test by teasing employees with non-existent COVID bonus
"We know it occurred on a supplier to LNER, but we don't know if it was an insider breach, where an employee at the supplier gained access to LNER data, or if the data was accessed by a threat actor that exploited the supplier to gain access to its systems.
"If it does turn out to be the latter, then the incident could be related to the recent attacks on Salesforce, which have been affecting organizations globally.
"Regardless of how the attack was executed, LNER customers should take note of the advice offered by the organization."
The Register asked LNER for more details, including how many customers are affected, whether the attackers still have access to company data, and more.
LNER refused to comment further at this stage. ®