[ad_1]
Indian Railways has reportedly been hit by a cyberattack and the data of around 30 million customers is up for sale on the dark web. Multiple reports suggest that the hacker hasn’t disclosed the source of the date but claims that he has “one of the biggest railways database in India.”
A report by Times Now claims that the sample data shared by the hacker shows emails and phone numbers of users who booked tickets on Indian Railways. The data reportedly contains “userName, email, verifiedMobileNumber, unverifiedMobileMumber, gender, mobileNumberVerified, cityId, cityName, stateId, languagePreferences.”
Government emails, travel history leaked
“In the 30M data, there are a lot of government emails, and important people,” the hacker was cited as saying.
In another data sample, the hacker claims that there is another endpoint that “discloses all user history of travel information, include a lot of data like PNR Number, invoice pdf – which include all info like passenger name, mobile, location, etc – train number, arrival time, email, phone, passengerGender, nationality, and all information of passenger!”
The leaked data set also contains some of the invoices dated for December 31, 2022.
The Indian Railway Catering and Tourism Corporation (IRCTC) recorded 41.74 million electronic ticket reservations and generated a revenue of 38.18 billion Indian rupees in the 2021-2022 fiscal year, a report says.
AIIMS cyberattack
This is the second major cyberattack on a government organisation in a span of just over a month. On November 23, the servers of All India Institute of Medical Sciences (AIIMS) were hit by a ransomware attack. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police two days later.
The servers were back to normal about two weeks after the attack was reported. The government had announced that data of lakhs of patients was retrieved.
A report by Times Now claims that the sample data shared by the hacker shows emails and phone numbers of users who booked tickets on Indian Railways. The data reportedly contains “userName, email, verifiedMobileNumber, unverifiedMobileMumber, gender, mobileNumberVerified, cityId, cityName, stateId, languagePreferences.”
Government emails, travel history leaked
“In the 30M data, there are a lot of government emails, and important people,” the hacker was cited as saying.
In another data sample, the hacker claims that there is another endpoint that “discloses all user history of travel information, include a lot of data like PNR Number, invoice pdf – which include all info like passenger name, mobile, location, etc – train number, arrival time, email, phone, passengerGender, nationality, and all information of passenger!”
The leaked data set also contains some of the invoices dated for December 31, 2022.
The Indian Railway Catering and Tourism Corporation (IRCTC) recorded 41.74 million electronic ticket reservations and generated a revenue of 38.18 billion Indian rupees in the 2021-2022 fiscal year, a report says.
AIIMS cyberattack
This is the second major cyberattack on a government organisation in a span of just over a month. On November 23, the servers of All India Institute of Medical Sciences (AIIMS) were hit by a ransomware attack. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police two days later.
The servers were back to normal about two weeks after the attack was reported. The government had announced that data of lakhs of patients was retrieved.
Track your packages easily with this Gmail feature
[ad_2]
Source link