Cyber Incident Victim: China Railway Corporation
Date: Jun 2018
Location: China
Summary
A data breach impacting nearly five million passengers occurred through unauthorized third-party ticketing platforms linked to China Railway's online booking system. Personal details including names, identification numbers, and passwords were compromised after a suspect acquired stolen credentials from the dark web, enabling access to additional accounts. Authorities arrested an individual connected to the theft, which exploited vulnerabilities in third-party services rather than the official platform itself. The incident echoed prior allegations of large-scale data leaks involving the same ticketing system, though officials consistently denied breaches occurred directly through their infrastructure.
Description
In June 2018, China Railway’s official online ticketing platform 12306 faced allegations of a significant data breach involving approximately 30 million user records. Reports claimed this information was sold on the dark web for 10 Bitcoin, equivalent to roughly $65,000 at the time. The compromised data allegedly included sensitive personal details, though specific attributes were not disclosed in public reports. China Railway officials promptly denied these claims, asserting no breach of their systems had occurred. This incident coincided with peak travel periods for the Spring Festival holiday, during which the platform routinely handles hundreds of millions of bookings. Despite official denials, social media users reported concerns about unauthorized account access and suspicious activity, indicating potential downstream impacts from credential reuse or third-party vulnerabilities.

A subsequent incident emerged in early 2019 when Beijing police arrested a 25-year-old suspect linked to the theft of personal data from third-party train ticketing platforms. The suspect allegedly purchased 600,000 compromised 12306 user accounts from dark web sources, exploiting these credentials to access additional passenger records stored by unauthorized booking services. Since individual accounts often contain information for multiple travelers, this method enabled the theft of data belonging to 4.7 million individuals, including names, ID numbers, and passwords. China Railway reiterated that its core 12306 systems remained uncompromised but issued warnings discouraging passengers from using third-party platforms. The arrest followed a joint investigation by Beijing police and cybersecurity authorities, highlighting operational risks posed by credential-stuffing attacks against auxiliary services. Public dissatisfaction persisted, with travelers criticizing platform security measures amid recurring breach reports during high-volume travel seasons.
