Threat Actor: Unknown | Unknown
Victim: Railway Assets Corporation (RAC) | Railway Assets Corporation
Price: Not specified
Exfiltrated Data Type: Employee database
Additional Information:
- The Railway Assets Corporation (RAC) is a key federal statutory body under Malaysia’s Ministry of Transport.
- The RAC manages and develops the nation’s railway assets.
- The leaked database includes sensitive employee information such as user IDs, names, emails, passwords, and more.
- The breach raises concerns about privacy and security for RAC employees.
- This incident highlights the importance of robust cybersecurity measures within governmental organizations.
A threat actor has claimed responsibility for leaking the employee database of the Railway Assets Corporation (RAC), a key federal statutory body under Malaysia’s Ministry of Transport. The RAC, established under the Railways Act 1991 (Act 463) and fully operational since August 1, 1992, was set up as part of the government’s efforts to advance Malaysia’s railway industry to the standards of fully developed countries. The corporation manages and develops the nation’s railway assets, having taken over from the Malayan Railway Administration (KTM), now known as Keretapi Tanah Melayu Berhad (KTMB).
The purported leaked database contains a wide array of sensitive employee information, including:
- users_id.csv: This file reportedly contains fields such as id, name, email, email_verified_at, password, type, avatar, lang, mode, created_by, plan, plan_expire_date, requested_plan, delete_status, is_active, default_pipeline, remember_token, created_at, updated_at, messenger_color, dark_mode, active_status, and last login.
- detail.csv: This file allegedly includes id, user_id, employee_id, date of birth (dob), department, designation, joining date, exit date, gender, address, mobile number, salary type, salary, branch location, bank identifier code, bank name, account number, account holder name, emergency contact, created_by, created_at, updated_at, show_budget_planner, religion, nationality, marriage status, employment status, service status, employment type, state headquarters, show_budget_utility, is head of department (is_hod), is finance user, is executive, and is human resources (is_hr).
If verified, the breach could expose the personal and professional details of RAC employees, posing serious privacy and security concerns. The leak highlights the critical need for robust cybersecurity measures to protect sensitive information within governmental organizations.
Original Source: https://dailydarkweb.net/threat-actor-claims-to-have-leaked-railway-assets-corporation-employee-database/