Hackers claim breach of data of 3 crore railway users; ministry denies

Amidst claim by a hackers' forum that data of over 3 crore Indian Railways users is on sale on the dark web, the Ministry of Railways on Wednesday said that no data breach happened in any of the railways' systems.

"No data leak has happened from IRCTC server or from Railways server. Reports claiming such leaks/breach of IRCTC or CRIS server is devoid of the fact," the railways said in a statement.

The hackers' forum said that they put the data of 3 crore Railway users on the dark web for sale which includes name, gender, e-mail, mobile number and city.

However, the Railways in its clarification said that it has shared a possible data breach incident alert of CERT-In (Indian Computer Emergency Response Team) to IRCTC pertaining to Indian Railways passengers. "On analysis of sample data it is found that the sample data key pattern does not match with IRCTC history API. Reported/suspected data breach is not from the IRCTC servers,” the Railways said in a statement.

The Railways also said that further investigation on the reported data breach is being done by IRCTC.

"All IRCTC Business Partners have been asked to immediately examine whether there is any data leakage from their end and appraise the results along with corrective measures taken to IRCTC,"the statement said.

The IRCTC (Indian Railway Catering And Tourism Corporation Limited) handles ticketing and catering of the national transporter. The Centre for Railway Information Systems (CRIS) implement and maintain most of the important information systems of Indian Railways.

The hackers, who went by the alias "shadow hacker", asserted that "important persons" and "government personnel" have had their data taken.

In 2020, the Railways had suffered a data breach where it was reported that the personal information of over 90 lakh Railway ticket buyers, including their IDs, was found online.

Recently, a ransomware attack on its computer network crippled Delhi’s All India Institute of Medical Science. The government claimed that the cyberattack originated from China.