Indian Railways denies reports

According to the report on TechloMedia, when some of the sample user data provided by the hacker was checked for PNR verification on the IRCTC website it was found to be legit and was also of recent journeys.

AMN / WEB DESK

Close on the heel of the data breach at the All India Institute of Medical Sciences (AIIMS) earlier this month, reports has now emerged that claim the Indian Railways suffered a new data breach. According to a report by tech news website TechloMedia, data belonging to Indian Railways is up for sale on a hackers’ forum, which is usually used by cybercriminals to sell hacked data.

It is believed that this could be the biggest data breach of a government entity’s digital assets till date, the personal details of nearly 30 million railway users have been put on sale on the dark web by a hacker. These details include name, email, phone number, gender, and other personal information of several government officials and notable personalities, among others, the hacker has claimed.

Indian Railways has denied reports claiming a data leak of 3 crore passengers registered with the Indian Railway Catering and Tourism Corporation (IRCTC). Reports earlier claimed that the data of passengers reportedly put on sale on the Dark Web.

“An incident regarding Indian Railways data breach has been reported in the media. In this connection, Railway Board had shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers,” it said.

Railways further clarified that on analysis of sample data, it is found that the sample data key pattern does not match with IRCTC history API. Hence, the suspected data breach is not from the IRCTC servers, it said.

It said that further investigation on the data breach is being done by IRCTC. “All IRCTC business partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC,” it said.