On Wednesday, Train ticketing platform RailYatri released its statement in which it confirmed that the platform suffered a data breach in December 2022. The confirmation is coming after the Railway Ministry denied such an attack and also remarked that no user data has been sold on the dark web leaked from the Railways’ side.
Reportedly, as a result of the breach, over 30 million users’ data have been sold on malicious sites including phone numbers, email addresses, house addresses, city, etc. Nevertheless, in 2020, RailYatri suffered a similar attack which targeted 7,00,000, users.
“We observed a security breach in our system on December 28, 2022, we quickly established the source of the breach and fixed it within a few hours. Some RailYatri registered user information limited to age, email, preference city, and phone numbers may have been viewed by unauthorized individuals. No other sensitive customer information has been compromised. We have reported the incident to the government authorities and are exploring legal steps to be taken,” a RailYatri spokesperson said.
Following the incident, the platform further reported that the platform is constantly investigating the attack with the Indian Computer Emergency Response Team (CERT-in) and also auditing its security systems against further security threats.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: