The Indian Railways has denied reports that it suffered a data breach on December 27, amid reports surfacing that the Indian Railway Catering and Tourism Corporation's (IRCTC) data is up for sale on a hackers’ forum.
"On analysis of sample data, it is found that the sample data key pattern does not match with IRCTC history API. Reported/suspected data breach is not from the IRCTC servers," an Indian railway spokesperson said in a media statement.
The Indian Railways while denying the report by TechloMedia said it has shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers.
The Indian Railways added that further Investigation on the possible data breach is being done by IRCTC.
"All IRCTC Business Partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC," the railway spokesperson said.
TechloMedia had done a story on December 27 stating that the Indian Railways recently suffered a data breach.
"A person with the username shadowhacker has posted the data of 30 million Indian Railways users on the portal for sale. The threat actor is also providing a sample database in plain text format. So, interested buyers can verify the data before the payment," the report said.
According to the hacker, the data includes name, email, phone number, gender, and other personal information. Additionally, the user mentioned that the data contains multiple government email addresses.
Neither the authenticity of the data nor how it was accessed has been verified by security researchers.
Along with the data, the hacker offers details of the vulnerabilities "we used" on the website. There was no mention of whether the website is the IRCTC booking portal or the Indian Railways website.
This is not the first time that the Indian Railways has suffered a data breach. In 2020, the personal information of over nine million Indian railway ticket buyers, including their IDs, was found online. This company discovered a dark web post stating that a million users' data was stolen sometime in 2019.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
