Following the data breach at All India Institute of Medical Sciences(AIIMS) earlier this month, reports have emerged of a fresh data breach in Indian Railways users' database.
According to the reports, details of over 30 million railway users are compromised and have been put up for sale on a hacker forum. The hacker who claims to have committed this breach goes by the name "shadowhacker".
The hacker claims that the stolen data include railway users' name, email ID, phone number, gender, address and other personal information. The authenticity of this data is yet to be verified by cybersecurity experts.
Advertisement
It is not yet clear whether the data was stolen from IRCTC or elsewhere. Indian Railways is yet to comment on this matter.
Another claim made by the hacker is that the stolen data includes that of 'important people' and 'government people'. From the available screenshot of the hacker forum where the data was put up for sale, it can be discerned that users' travel history and invoices have also been breached.
If the hacker's claims are true, a maximum of 10 copies of the stolen data is up for sale. More details and expert opinions are yet to emerge regarding the alleged breach.
Advertisement
However, this is not the first time that a cybersecurity breach has taken place at the Indian Railways. Following an alleged breach in 2019, personal details of over nine million users were found online in 2020.
