IRCTC Data Breach: Name, Email and Other Details on Dark Web


  • Data of 30 crore IRCTC users leaked
  • IRCTC has not denied the leak and holding a further investigation

Data of 30 crore IRCTC users, including email, phone number, gender, city, state and language preferences, have been leaked and put up for sale on a hacker forum.

This news comes from a report from Techlomedia, and it has been reported that the author has downloaded the sample data that the hacker provided and has verified that the data leak was real.

indian railways data breach

Post on hackers’ forums selling the data.

As per the listing, the hacker sells only 5 copies of the data and charges $400 per copy. He is also willing to sell it with exclusive access for $1500. For $2000, he is also selling data and vulnerability detail.

IRCTC does not deny the data leak

IRCTC responded to this massive data leak claim and said, “An incident regarding Indian Railway’s data breach has been reported in the media. In this connection, Railway Board had shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers.”

It also clarified that the sample data does not match with the IRCTC history API; hence, the data leak is not from the IRCTC server if it happened.

IRCTC is holding further investigations; it added, “All IRCTC business partners have been asked to immediately examine whether there is any data leakage from their end and apprise the results along with corrective measures taken to IRCTC.”

It is to be noted that IRCTC does not deny the data leak; instead, it merely mentions that the data leak did not occur from their side.

Whatever the case may be, it is worth noting that this is a serious issue, and the data can be misused if got into the wrong hands. And IRCTC faced a similar data breach of 20 crore users back in 2019, also up for sale on Dark Web.

The Data Leak Could Be From Railyatri

TechloMedia is now reporting that the data leak could be from RailYatri. References to Railyatri on the leaked data set. Railyatri is a third-party authorised IRCTC partner, which started operations back in 2014 and is available on Android and iOS as an app. Railyatri also faced a data breach that affected 7 lakh users in 2020.