NEW DELHI: Just a few weeks after the ransomware attack on the All India Institute of Medical Sciences (AIIMS) in New Delhi, reports say that a new data breach in the Indian Railways database has put the personal information of customers at risk.
According to reports, it looks like the personal information of more than 30 million (3 Crore) passengers may have been put up for sale on a hacker forum.
The hacker is known as “shadowhacker,” and he or she says that the information they stole includes names, email addresses, phone numbers, addresses, and more.
So far it’s not clear how the hacker got into the IRCTC data, and cybersecurity experts haven’t verified the breach or the authenticity of the data.
ALSO READ: Teen Bounty Hunter From Chennai Assists Railways Fix Major Bug In Ticketing Portal
The information posted by the hacker say that the data they stole belonged to “important people” and “government people.” The screenshot shows that the travel history and bills of Indian Railways passengers have been put up for sale.
There are two parts to the data: information about the users and bookings. Techlomedia a tech news website, said that the hacker’s sample user data was found to be real when it was checked on the IRCTC website.
ALSO READ: Indian Railway Tatkal Scam Grows Bigger, Man Behind Instant Ticketing Software Arrested
According to the listing, the seller will only give out five copies of the data and will charge $400 per copy. For $1500, you can get access that no one else has. The price is set at $2,000 for information about data and risks.
In 2019, the Indian Railways had a similar breach, and in 2020, information about nine million users was posted online.
Under the new Data Protection Bill, which was proposed by the government in November, a fine of up to Rs. 500 crore could be given for a data breach.
Follow The420.in on
Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube