Security firms CloudSEK and Cyble have found personal information of 9,39,230 IRCTC users. The information includes full names, mobile numbers, dates of birth, email addresses, gender, marital status, city, and state. Indian Railways itself left an unprotected database instance exposed in October 2019, according to haveibeenpwned.com, which published the news in January 2020. This resulted in the breach of over 2 million records containing 583,000 unique email addresses.”]
Source: https://www.csoonline.com/article/3586142/9-lakh-irctc-users-personal-data-found-online.html