Indian Railway data leak: Information of 30 million customers for sale on dark web – Times of India
Indian Railways has reportedly been hit by a cyberattack and the data of around 30 million customers is up for sale on the dark web. Multiple reports suggest that the hacker hasn’t disclosed the source of the date but claims that he has “one of the biggest railways database in India.”
A report by Times Now claims that the sample data shared by the hacker shows emails and phone numbers of users who booked tickets on Indian Railways. The data reportedly contains “userName, email, verifiedMobileNumber, unverifiedMobileMumber, gender, mobileNumberVerified, cityId, cityName, stateId, languagePreferences.”
Government emails, travel history leaked
“In the 30M data, there are a lot of government emails, and important people,” the hacker was cited as saying.
In another data sample, the hacker claims that there is another endpoint that “discloses all user history of travel information, include a lot of data like PNR Number, invoice pdf – which include all info like passenger name, mobile, location, etc – train number, arrival time, email, phone, passengerGender, nationality, and all information of passenger!”
The leaked data set also contains some of the invoices dated for December 31, 2022.
The Indian Railway Catering and Tourism Corporation (IRCTC) recorded 41.74 million electronic ticket reservations and generated a revenue of 38.18 billion Indian rupees in the 2021-2022 fiscal year, a report says.
AIIMS cyberattack
This is the second major cyberattack on a government organisation in a span of just over a month. On November 23, the servers of All India Institute of Medical Sciences (AIIMS) were hit by a ransomware attack. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police two days later.
The servers were back to normal about two weeks after the attack was reported. The government had announced that data of lakhs of patients was retrieved.
A report by Times Now claims that the sample data shared by the hacker shows emails and phone numbers of users who booked tickets on Indian Railways. The data reportedly contains “userName, email, verifiedMobileNumber, unverifiedMobileMumber, gender, mobileNumberVerified, cityId, cityName, stateId, languagePreferences.”
Government emails, travel history leaked
“In the 30M data, there are a lot of government emails, and important people,” the hacker was cited as saying.
In another data sample, the hacker claims that there is another endpoint that “discloses all user history of travel information, include a lot of data like PNR Number, invoice pdf – which include all info like passenger name, mobile, location, etc – train number, arrival time, email, phone, passengerGender, nationality, and all information of passenger!”
The leaked data set also contains some of the invoices dated for December 31, 2022.
The Indian Railway Catering and Tourism Corporation (IRCTC) recorded 41.74 million electronic ticket reservations and generated a revenue of 38.18 billion Indian rupees in the 2021-2022 fiscal year, a report says.
AIIMS cyberattack
This is the second major cyberattack on a government organisation in a span of just over a month. On November 23, the servers of All India Institute of Medical Sciences (AIIMS) were hit by a ransomware attack. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police two days later.
The servers were back to normal about two weeks after the attack was reported. The government had announced that data of lakhs of patients was retrieved.
Track your packages easily with this Gmail feature
For all the latest Technology News Click Here
Denial of responsibility! TechAI is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.