Driving Naari Programme launched in Chandigarh
Following the data breach at the All India Institute of Medical Sciences (AIIMS) earlier in December, reports now claim that the Indian Railways suffered a new data breach.
According to a report by tech news website TechloMedia, data belonging to Indian Railways is up for sale on a hackers’ forum, which is usually used by cybercriminals to sell hacked data.
While not denying the reports of a data breach, the Indian Railways has denied that the breach originated from the servers of Indian Railways Catering and Tourism Corporation (IRCTC).
ANI, in a tweet, quoted a Railways spokesperson as saying, “On analysis of sample data, it is found that the sample data key pattern does not match with IRCTC history API. Suspected data breach is not from the IRCTC servers.”
As per the report, a hacker — using the alias shadowhacker — has posted the data of 30 million Indian Railways users on the portal for sale.
The data available has two parts. The first is user data, including username, email, phone number, gender, city, state, and language preference.
Credit: Techlomedia
This information is usually provided while making an account on the IRCTC. The second part is the booking data. This includes the passenger’s name, mobile, train number, travel details, invoice PDF, and other information users provide while booking a ticket.
According to the report on Techlomedia, when some of the sample user data provided by the hacker were checked for PNR verification on the IRCTC website, it was found to be legit and also belonged to recent journeys.
Critical state of healthcare: India had 2nd highest number of cyber attacks in the world in 2021
According to the listing, the seller provides only five copies of the data and charges $400 per copy. Exclusive access to data will be available for $1,500. In addition, the seller claims to provide the data and vulnerability details for $2,000.
Earlier, the Indian Railways suffered a data breach in 2019. That breach affected over 2 million passenger data.
In the data breach that took place in AIIMS on November 23, patients and doctors complained about the hospital’s services working slowly. As a result, the hospital was forced into manual work from seven in the morning. The National Informatic Centre investigated the issue and found signs of a ransomware attack on the hospital’s servers.
Explained: Cyber attacks and how to keep yourself safeFollowing this, the Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) cell registered an FIR invoking sections of cyber terrorism (IT Act, section 66F) in light of the incident, with the preliminary investigation hinting to the ransomware attack being perpetrated from outside the country.
