- The IRCTC has exposed 900,000 Indians in an undisclosed 2019 security breach.
- The details that have leaked include full names, phone numbers, marital status, and more.
- This data could be a subset of what hackers had stolen last year, so IRCTC clients should stay alert.
A set of 900,000 user records has just appeared on the dark web, and upon analyzing it, researchers found that it belongs to the Indian Railway Catering and Tourism Corporation (IRCTC). This organization is a subsidiary of the Indian Railways, responsible for handling online ticketing operations, catering, and tourism. IRCTC is also directly responsible for running the “Tejas Express,” India’s first semi-high-speed and fully air-conditioned train service, which was launched three years ago.
The discovery of the data comes from researchers of Cyble, the dark web risk monitoring firm that routinely checks dark web forums and marketplaces to find new datasets. Upon looking at the details, the researchers figured that the data was exfiltrated by hackers sometime last year.
The user who shared the data with others did so without asking for a fee, and it appears that he isn’t the actor who exfiltrated it. Moreover, there’s no indication that IRCTC ever received a ransom note, so the organization may not have been extorted, and quite possibly may not have become aware of the security incident to this day.
The information that populates each user record includes the following:
- Full Name
- Mobile phone number
- Date of Birth
- Marital Status
- City of origin
This exposure’s consequences include increased risks of phishing attacks, scamming attempts, spam text messages, and deceptive calls. Thankfully, extremely sensitive data such as payment details (from online ticketing), actual home addresses, and travel dates/times aren’t included in this leak, and email addresses appear to be missing too. If they were available, scammers and phishing actors would be in a much stronger position.
If you have used IRCTC’s “Tejas Express” line and/or services of the Indian Railways in general, go ahead and check Cyble’s AmIBreached.com tool to find out if your name is included in this leak. If it is, be careful with all incoming communications, be it SMS, phone call, or email. Additionally, monitor your financial transactions and immediately contact your card issuer if something you don’t recognize appears.
This leak may very well be just a part of another batch that has gone undetected or not shared on the dark web, and which could include more data. Also, since IRCTC hasn’t stated anything about this incident, they may not have identified and plugged their security hole yet, so if you have to use their services, take every precautionary security measure you can.