Following the data breach at the All India Institute of Medical Sciences (AIIMS) earlier in December, reports now claim that the Indian Railways suffered a new data breach.
According to a report by tech news website TechloMedia, data belonging to Indian Railways is up for sale on a hackers’ forum, which is usually used by cybercriminals to sell hacked data.
While not denying the reports of a data breach, the Indian Railways has denied that the breach originated from the servers of Indian Railways Catering and Tourism Corporation (IRCTC).
ANI, in a tweet, quoted a Railways spokesperson as saying, “On analysis of sample data, it is found that the sample data key pattern does not match with IRCTC history API. Suspected data breach is not from the IRCTC servers.”
After the statement from the government, Techlomedia came back saying that the data was leaked from RailYatri’s website.
“The dataset had mostly train ticket records and the seller also claimed it belong to Indian Railways. So, my previous report also claimed the same. But this leaked data links to Railyatri. Someone breached Railyatri’s servers or used a vulnerability on their app to get access to this data dump,” the report read.
As per the report, a hacker — using the alias shadowhacker — has posted the data of 30 million Indian Railways users on the portal for sale.
The data available has two parts. The first is user data, including username, email, phone number, gender, city, state, and language preference.
This information is usually provided while making an account on the IRCTC. The second part is the booking data. This includes the passenger’s name, mobile, train number, travel details, invoice PDF, and other information users provide while booking a ticket.
According to the report on Techlomedia, when some of the sample user data provided by the hacker were checked for PNR verification on the IRCTC website, it was found to be legit and also belonged to recent journeys.
Critical state of healthcare: India had 2nd highest number of cyber attacks in the world in 2021
According to the listing, the seller provides only five copies of the data and charges $400 per copy. Exclusive access to data will be available for $1,500. In addition, the seller claims to provide the data and vulnerability details for $2,000.
Earlier in 2020, Railyatri suffered a similar data breach that affected seven million users.
In the data breach that took place in AIIMS on November 23, patients and doctors complained about the hospital’s services working slowly. As a result, the hospital was forced into manual work from seven in the morning. The National Informatic Centre investigated the issue and found signs of a ransomware attack on the hospital’s servers.
Explained: Cyber attacks and how to keep yourself safe
Following this, the Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) cell registered an FIR invoking sections of cyber terrorism (IT Act, section 66F) in light of the incident, with the preliminary investigation hinting to the ransomware attack being perpetrated from outside the country.
While several services remained unaffected, the breach also put the loss of research data and information about VIP medical records at risk, sources told CNN-News18.