Tuesday, July 15, 2025

Indian Railway Data Leak: 30 million passengers’ info for sale on Dark Web

Date:

New Delhi: The Indian Railways suffered a data breach in which the data of over 30 million users was compromised, reports Asianet news. It is reportedly said that a hacker has put the user data for sale on the Dark Web.

The hacker, without disclosing the source of the data, claims that ‘it’s one of the biggest railways databases in India.’ The leaked data set contains user data and invoices, with some of the invoices dated December 31, 2022.

The Indian Railway Catering and Tourism Corporation (IRCTC) operates a successful online ticket booking platform, recording 41.74 million electronic ticket reservations and generating a revenue of 38.18 billion Indian rupees in the 2021-2022 year.

The data contains ‘username, email, verified mobile number, unverified mobile number, gender, mobile number verified, city id, city name, state id, language preferences.’ The sample data shared by the hacker shows several data with emails and phone numbers of users who have booked tickets on Indian Railways.

‘In the 30M data, there are a lot of government emails, and important people,’ claims the hacker before providing two ‘examples’ of user data from a user with an email address ending with ‘@elibom.digitallock.gov.in’, and another ending in ‘@konkanrailway.gov.in.’ Both data samples had mobile phone numbers and city locations along with them.

‘Also there is another endpoint disclosing all user history of travel information, including a lot of data like PNR Number, invoice pdf (include all his info like passenger name, mobile, location, etc), train number, arrival time, email, phone, passenger gender, nationality, and all information of passenger!’ the hacker further claimed.

The second data sets contain full travel information such as Train No, Journey details, date of journey, user id, email, phone, booking status, boarding station, money paid, GST details, berth number, berth codes, meal booking, and more. The data set seems to be fresh as some records from the data sample are from the month of December 2022.

Following the All India Institute of Medical Sciences (AIIMS) data breach earlier this month, claims of a new data breach in the database of Indian Railways customers have surfaced.

Related articles

Suspension of Cashless Health Services in Rajasthan and Other States

Private hospitals in Rajasthan are set to suspend cashless treatment under the Rajasthan Government Health Scheme (RGHS) starting...

Big Breaking: High Court Rebukes Government, Thackeray’s Reaction

Highlights: The Mumbai High Court, under Justice Saran Kotwal, demonstrates fearlessness and accountability through its aggressive questioning of government lawyer Shailendra Nagarkar and CBI lawyers. The court's firm...

ALARMING SURGE IN HEART ATTACKS, ESPECIALLY AMONG YOUTH, PROMPTS KARNATAKA CM TO ORDER PROBE INTO POTENTIAL COVID-19 VACCINE LINK

Karnataka is facing an alarming increase in sudden heart attack deaths, affecting even young individuals, prompting Chief Minister...

Flying Cars in Bengaluru: A Sky Full of Hurdles – From Safety to Noise, Experts Question Viability

The allure of flying cars has long captured the human imagination, promising a future of decongested roads and...