Nilabh Rajpoot Reports Data Leak on IRCTC Insurance Portal, Exposing Indian Railways’ Passenger Data
In a significant data breach, personal and booking details of Indian Railways passengers were leaked from the Insurance Portal of the Indian Railway Catering and Tourism Corporation (IRCTC). The breach, discovered on July 23, 2024, exposed sensitive information such as passenger names, seat numbers, train details, mobile numbers, email IDs, transaction numbers, and nominee details. This data vulnerability allowed unauthorized changes to be made to passenger information.
Cybersecurity expert Nilabh Rajpoot reported the breach to the Indian Government’s Computer Emergency Response Team (Cert-In), which swiftly acted to resolve the issue. As of today, July 30, 2024, the security flaw has been fixed, and measures are being implemented to prevent such incidents in the future.
Nilabh Rajpoot, who has a history of addressing security vulnerabilities for high-profile organizations such as Apple, the United Nations, BBC News, Nokia, the University of Turkey, and Trend Micro, highlighted the potential risks associated with this data exposure. The incident underscores the importance of robust cybersecurity practices, especially in critical sectors like transportation.