IRCTC (2019) Alleged User Data Resurfaced on DarkWeb – 900,000+ Users’ Records Exposed

The Indian Railway Catering and Tourism Corporation (IRCTC) provides an online ticketing system for Indian Railways. As a subsidiary of the Indian Railways, IRCTC handles the catering, tourism, and online ticketing operations of the Indian Railways. Besides offering online ticketing facility, IRCTC is also responsible for running India’s first semi-high speed fully air-conditioned train, Tejas Express.

In the course of our routine monitoring of the DarkWeb, we have come across a post in which a user has allegedly claimed that close to 1 Million user data was leaked sometime in 2019. This data has been shared by the user with the DarkWeb community today (13th October 2020).

This data is easily available for download, and so far, no ransom or payment has been requested by the threat actor. Furthermore, the leaked data includes sensitive user information such as Mobile Number, Date of Birth, Email, Gender, Marital Status, Name, City, and State. After removing duplicates, we could see at least 9 Lakh unique rows of user information.

With such a huge repository of unauthorized personal information of Indian citizens, the data poses immense potential for being misused for malicious purposes such as Phishing Emails, Spam Text Messages, etc.

Cyble Research Team has acquired and indexed the leaked data on their data breach monitoring and notification platform, – people who are concerned about their information exposure can register on the platform to ascertain the risks. In addition, android users (Link) and iOS users (Link) can gain full access to it just by downloading the mobile application.

Here are some best practices that we recommend for protecting your data and preventing it from being misused:

  1. Never share personal information, including financial information and passwords, over the phone, email or SMS
  2. Make use of strong, unpredictable passwords and enforce multi-factor authentication where possible. Try to come up with unique passwords that do not include any personal information such as your name or date of birth.
  3. Regularly monitor your financial transactions and immediately contact your bank if you notice any suspicious activity.
  4. Turn-on the automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic to help protect your data.
  5. Use a reputed anti-virus and Internet security software package on your connected devices including PCs, Lap-tops, and Mobiles
  6. People who are concerned about their exposure in DarkWeb can register at to ascertain their exposure

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit    

Comments are closed.

Scroll to Top