The Indian Railways had a data breach on Tuesday, December 27, which took the personal information of about 30 million passengers. On the Dark Web, user data is rumoured to have been advertised for sale by the hacker
Only a few weeks have passed since the All India Institute of Medical Sciences (AIIMS) in New Delhi was the target of a ransomware attack. Now, reports state that a new database breach at the Indian Railways has exposed the personal information of customers.
As per reports, it looks that the personal data of more than 30 million passengers may have been placed up for sale on a hacker forum. The data taken, according to the hacker who goes by the handle "shadowhacker", includes names, email addresses, verified and unverified phone numbers, gender of the passenger, city id, city name, state id and preferred languages among all other information.
The Indian Railways had a data breach on Tuesday, December 27, which took the personal information of about 30 million passengers. On the Dark Web, user data is rumoured to have been advertised for sale by the hacker.
The Indian Railway Catering and Tourism Corporation (IRCTC) reported 41.74 million electronic ticket reservations during the fiscal year 2021-2022, generating nearly 38.18 billion rupees in revenue.
The hacker reportedly claims that "it is one of the biggest railroads databases in India" without providing the derivation of the information. User information and invoices, some of which have due dates of December 31st, 2022, are included in the stolen data collection.
According to the information provided by the hacker, the stolen material belonged "important persons" and "government officials". The snapshots include Indian Railways customers' bills and travel histories that have been put up for sale.
Cybersecurity specialists have not yet confirmed the validity of this purported breach, and it remains indefinite how the hacker gained access to the IRCTC data.
However, there have also been cyber-attacks on the Indian Railways in the past. A purported hack in 2019 led to the internet discovery of over 9 million people's personal information in 2020.