Mumbai: Indian Railways has been reportedly hit by a cyberattack and around 30 million customer data is up for sale on the dark web, according to reports. A hacker claimed that he has one of the biggest railways databases in India without naming the data source. As proof, the hacker has shared sample data which shows users’ email addresses and phone numbers that booked tickets on Indian Railways.
In another sample data, the hacker claimed to possess users’ travel history and information including PNR number, invoice pdf, name, mobile number, location, train number, gender and other information.
Along with Indian Railways’ 30 million customer data, there’s a potential data breach of the Indian Railway Catering and Tourism Corporation (IRCTC). However, The Ministry of Railways has denied reports about a potential data breach of IRCTC. “The data breach was not from the IRCTC servers,” the ministry said in a statement on Wednesday.
“On analysis of sample data, it was found that the sample data key pattern does not match with IRCTC history application programming interface (API). Suspected data breach is not from the IRCTC servers. An incident regarding Indian Railways data breach has been reported in the media. In this connection, Railway Board had shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers,” stated the ministry
The Indian Railways added that further investigation on the possible data breach is being done by IRCTC. All IRCTC Business Partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC,” a Railway spokesperson was quoted as saying.