Indian Railways data breach: Data of 30mn users on sale
The data of millions of railway passengers are possibly at the mercy of hackers. After targeting AIIMS last month, hackers have reportedly targeted Indian Railways. Per reports, the data of 30 million passengers who booked tickets is available on the dark web. There has been no official confirmation from the railways or the government regarding the attack.
Why does this story matter?
- Indian Railways is the second government-led undertaking that has been targeted by hackers in the span of two months. This poses some burning questions about the security measures taken by public sector undertakings to protect the personal information of users.
- This attack, if true, is an indication that India's most important institutions are overdue for a cybersecurity upgradation.
Personal information of people who booked tickets has been stolen
Indian Railways reportedly suffered a cyberattack on December 27. The data breach led to the railways losing sensitive data of 30 million people who have booked tickets. Stolen data include personal information of the people such as email id, mobile number, age, address, and gender. According to the attackers, the data also contains several government email addresses.
Hackers either attacked IRCTC portal or Indian Railways website
Information about the cyberattack on Indian Railways came out after a hacker forum user was seen selling railways user records. The identity of the user is unclear but they go by the alias "shadowhacker." The post also contains details about the vulnerabilities they used to attack the website. We don't know yet whether they attacked the IRCTC booking portal or the Indian Railways website.
Personal information of railways users was stolen in 2020
Being at the receiving end of a cyberattack is not new for Indian Railways. In 2020, the personal information of over nine million ticket bookers, including their IDs, was stolen.