The Indian Railways has said that the source of a possible data breach, about which it had alerted the Indian Computer Emergency Response Team (CERT-In), was not its servers. Earlier on Tuesday, it took cognisance of media reports that stated that the data of millions of Indian Railways users had been leaked, and informed the CERT-In.


The reports claimed that the data of Indian Railway Catering and Tourism Corporation [IRCTC] users had been put up for sale on the dark web by a hackers’ group. The group also said that it had the details of official email accounts of many government employees.  


“On analysis of sample data, it was found that the sample data key pattern does not match with IRCTC’s history and application programming interface [API]. The suspected data breach was not on the IRCTC servers,” the Railways said in a statement. 


However, to detect and plug any possible security threat, further investigation on the data breach is being conducted by IRCTC. 


“All IRCTC business partners have been asked to immediately examine whether there is any data leakage from their end and apprise IRCTC of the results along with the corrective measures taken,” the statement further read. 


The news of the data breach comes close on the heels of the AIIMS data breach. Last month, AIIMS Delhi faced a cyberattack, compromising its servers. A case of extortion and cyber terrorism was registered by the IFSO unit of the Delhi Police on November 25. 


The Ministry of Health and Family Welfare (MoHFW) said that the ransomware attack on the servers of the All India Institute of Medical Sciences in Delhi originated in China. As per the ministry, out of 100 servers of the hospital, of which 40 were physical and 60 virtual, five physical servers were infiltrated by hackers but data from them has been successfully retrieved.


Earlier this month, the Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi Police wrote to the Central Bureau of Investigation (CBI) asking the central agency to get details from Interpol about the IP addresses of the email IDs from Henan in China and Hong Kong that were used to launch the cyberattack.