Nilabh Rajpoot, a cybersecurity researcher, discovered a significant security flaw in IRCTC's insurance portal, allowing unauthorised access to passenger details and modifications to nominee information. This issue, not the first of its kind, has raised serious privacy concerns. Rajpoot reported the bug to CERT-In, which confirmed the vulnerability has now been fixed by IRCTC.