Incident & Breach Response , Security Operations

Rail Yatri Chastised for Breach Affecting Over 30M Customers

Breach Came to Light When Criminal Underground Forum User Put Data Up for Sale
Rail Yatri Chastised for Breach Affecting Over 30M Customers
Image: Shutterstock

The union government chastised the operator of Indian Railways ticket booking website Rail Yatri for failing to prevent a December data leak that compromised the personal information of more than 30 million users.

See Also: The Critical Nature of Incident Readiness and Response

Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said on Wednesday that the government had suspended the ticket booking facility on the Rail Yatri application and imposed an unspecified penalty on the custodian of the application.

The application was subsequently restored after "necessary security measures" were implemented, the minister told the lower house of Parliament in a written reply.

The Rail Yatri breach came to light when criminal underground forum user "shadowhacker" put up for sale data stolen from the booking app. The data dump included names, email addresses, phone numbers, gender, invoices, and travel information such as passenger name, record number, train number and destination.

The Indian Ministry of Railways in December denied that the data of 30 million people allegedly on sale on the dark net had come from a hacker breaching Rail Yatri.

Chandrasekhar said government organizations reported seven data leak incidents in 2022, up from five in 2021. The government issued instructions for mandatory reporting of cyber incidents to the Indian Computer Emergency Response Team to secure their data quickly.

He said the Indian Computer Emergency Response Team has prepared a cyber crisis management plan, which all ministries and departments of the central and state governments have to follow to combat cyber terrorism, secure their IT infrastructure and mitigate cyberattacks.

About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.