Breach Not from IRCTC Servers, Says Railway Ministry

After reports surfaced about a potential data breach in Indian Railways, the Ministry has said that the data is not from the IRCTC servers. In a statement, the Ministry also said that on analysis of sample data it was found that the sample data key pattern does not match with IRCTC history application programming interface (API).

“An incident regarding the Indian Railway data breach has been reported in the media. In this connection it may be submitted that the Railway Board had shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers. On analysis of sample data it is found that the sample data key pattern does not match with IRCTC history API. Reported/suspected data breach is not from the IRCTC servers,” it said.

The Ministry also said that further investigation on the data breach is being done by the Indian Railway Catering and Tourism Corporation. It added that all IRCTC business partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC.

According to reports, Indian Railways suffered a potential data breach on December 27. Data of over 30 million users, who have booked railway tickets, was compromised. The data included name, email, phone number, gender, and other personal information of the passengers. Additionally, the user mentioned that the data contains multiple government email addresses.

Last month, All India Institute of Medical Sciences (AIIMS), Delhi, allegedly faced a cyberattack that paralysed its servers.

A case of extortion and cyberterrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

According to the government, five servers of AIIMS were affected by the cyberattack which led to the encryption of approximately 1.3 terabytes of data.

Read all the Latest India News here