LNER Reveals Supply Chain Attack Compromised Customer Information

The operator of one of the UK's busiest rail lines, LNER, has admitted that an unauthorized third party has accessed customer details via a supplier. The revelation was made in an online update yesterday, as the government-owned company struggles to reassure its customers about the security of their personal information.

According to LNER, the breach involved unauthorised access to files managed by a third-party supplier, which included customer contact details and some information about previous journeys. However, the train operator immediately clarified that no bank, payment card or password information had been affected in the incident. Despite this, LNER warned that compromised information could be used to target customers in follow-on attacks.

“Please be cautious of unsolicited communications, especially those asking for personal information. If in doubt, do not respond,” LNER advised its customers. The train operator's warnings were echoed by security experts, who highlighted the potential risks posed by the breach.

“The data exposed in the LNER breach, while not of critical security context, can still be used to generate compelling phishing documents and other attacks against a user’s identity,” said Huntress senior security operations analyst, Michael Tigges. “Incidents such as these are a stark reminder that while the primary organization may protect our data, third parties around the world constantly handle data and personal information in the regular course of their business.”

Tigges urged businesses to carry out regular tabletop exercises, as well as data discovery, to understand where sensitive information flows out of the organization and how it is protected. He also recommended that end users consider hardening their identities (emails and personal information) with identity threat detection and response systems to help detect attacks that may weaponize the information stolen.

As no passwords were stolen in the incident, LNER has decided not to reset customer credentials. However, the train operator reminded its customers that “it is always good practice to maintain a secure password and to change passwords regularly.”

Ransomware Threats: Government Takes Action

In a speech in London yesterday, security minister Dan Jarvis highlighted several government initiatives designed to crack down on cyber and fraud threats. One of the key measures announced was an increase in police powers through the Crime and Policing Bill, which will allow law enforcement to suspend IP addresses and domain names being used to facilitate serious crime.

Furthermore, Jarvis revealed that the government is driving forward a new package of legislative measures to protect UK businesses from ransomware. This move aims to provide greater support for small and medium-sized enterprises (SMEs) affected by cyber attacks, as well as enhance the capabilities of law enforcement agencies to tackle these types of threats.

With LNER's recent breach serving as a stark reminder of the ongoing risks posed by cybercrime, it remains to be seen how effectively these measures will be implemented and whether they will prove effective in protecting vulnerable businesses and individuals. As the situation continues to unfold, one thing is certain: the importance of vigilance and cybersecurity awareness cannot be overstated.