Data Of 30 Million Indian Railways' Passengers Up For Sale After Breach: Reports
The hacker goes by the name "shadowhacker" and claims that the stolen data includes names, email IDs, phone numbers, addresses, and more.
Just weeks after the ransomware attack at All India Institute of Medical Sciences (AIIMS) in New Delhi, reports now claim that a new data breach in Indian Railways' database has put personal information of patrons at risk.
It appears that personal information of over 30 million passengers could have been put on sale on a hacker forum, Outlook reported. The hacker goes by the name "shadowhacker" and claims that the stolen data includes names, email IDs, phone numbers, addresses, and more.
Personal info of IRCTC customers on sale
As of now, it is unclear how the hacker got access to the IRCTC data and cybersecurity experts have not verified the veracity of this alleged breach yet.
In the details posted by this hacker, they claim that the stolen data belongs to "important people" and "government people." The screenshot reveals that Indian Railways' passengers' travel history and invoices have been put on sale.
Also read: Hackers Selling Personal Data Of 150,000 Patients From TN Hospital On Dark Web
The data is available in two parts - one including user information and the other including booking data. Techlomedia reported that when the sample user data provided by the hacker were checked on the IRCTC website, it was found to be real.
The listing claims that the seller will provide only five copies of the data - charging $400 per copy. For exclusive access, the price is $1500. For data and vulnerability details, the cost is set at $2000.
Also read: Explained: What's Happening At AIIMS After Sensitive Ransomware Attack?
In 2019, a similar breach happened at the Indian Railways and information of nine million users was leaked online in 2020.
In November, the government proposed a fine of up to Rs. 500 crore for data breaches under the updated Data Protection Bill. What do you think about the increasing rate of such data breaches? Let us know in the comments below. For more in the world of technology and science, keep reading Indiatimes.com.
References
Outlook (2022, December). 30 Million Railway Users' Data Up For Sale Following Data Breach: Report. https://www.outlookindia.com/business/30-million-railway-users-data-up-for-sale-following-data-breach-report-news-248792
Pandey, N. (2022, December 28). Data of 3 crore railway passengers hacked and put for sale?: Reports. cnbctv18.com. https://www.cnbctv18.com/technology/indian-railways-data-breach-30-million-user-data-hacked-and-up-for-sale-15524231.htm