HQ/EMEAFind out how we can help your business
An Indian train ticketing platform, RailYatri, disclosed suffering from a security breach last December 28, 2022, exposing user data to unauthorised entities. This report comes after the Indian Railway Catering and Tourism Corporation (IRCTC) declared that no data from them have been leaked on the dark web.
RailYatri is a premier portal for millions of daily train commuters in India, serving inclusive and comprehensive information that satisfies people’s queries about their transportation journeys.
The platform’s spokesperson shared in a news report that their security team immediately fixed the malicious breach in their systems a few hours after discovering it. However, the company revealed that user information, including names, ages, email addresses, preference cities, and phone numbers, has been exposed.
RailYatri assured that no other sensitive user data had been compromised in the breach.
Aside from the mentioned customer data potentially being exposed to hackers, the train ticketing platform said no other sensitive information was compromised. Furthermore, the company reported the incident to government authorities and will take appropriate legal action.
RailYatri’s management has also tapped the Indian Computer Emergency Response Team (CERT-In) to help investigate the breach and audit its systems. While a security breach incident had been unavoidable for the company, they assured that they had implemented proper authorisation and authentication in their systems and had secured their servers behind firewalls and VPNs.
On the other hand, the threat actors that posted RailYatri’s stolen data on an underground forum said that the database included 31 million entries, indicating the massive amount of data that could pose security risks among all affected individuals.
The IRCTC requested all its business partners and reselling platforms, including RailYatri, to closely evaluate their systems following threats of cyberattacks. Meanwhile, all users of the train ticketing platform are advised to monitor their banking accounts and report to authorities if suspicious activities leveraging their information occur.
In August 2020, RailYatri reached the headlines due to a data breach incident that affected 7 lakh users (700,000) and exposed more than 30 million user records on the dark web.
