IRCTC, the online ticketing portal operated by Centre for Railway Information Systems (CRIS) of the Indian Railways, has reportedly been hacked. It is also being reported that the personal data of more than 1 crore users have been stolen from the portal.
According to officials, the matter came to light after Inspector-General of police Maharashtra Cyber Cell informed the Chief Commercial Manager Western Railway about the site being hacked.
At the time of booking railway ticket from the portal, users are required to provide details such as phone number, email ids, Aadhaar Card, driving license number, etc. These details have been hacked.
A report from India Today suggests that the data that has been stolen from the IRCTC server, is being sold as a CD in the market for a price of around Rs. 15,000. It further states that the state government has identified the hackers who were selling these details, but action is awaited.
Contrary to this hacking reports, PRO of IRCTC has said that the website has not been hacked. IRCTC PRO Sandip Dutta told CNN-News18,
Three days ago, IB cyber cell, Mumbai informed us that some data in the name of IRCTC is in circulation. We set up a committee which is probing this.
Railway board is waiting for a copy of the date to be shared by Cyber Cell, only then can we ascertain if it was indeed our data. So far, it has not been established. Probe is on. Website is absolutely fine.
A six-member team which comprises of officials from the Indian Railway Catering and Tourism Corporation and the Centre for Railway Information System has started an inquiry into whether an attempt was made to hack the IRCTC website or not.
This isn’t the first time that the property of Indian Railways has been targeted. Earlier, in March, the microsite of Railnet page of the Indian Railways website was allegedly hacked by the terror group Al Qaeda.
[UPDATE]:
Today, Indian Railways has denied the hacking reports and said that no information of emails or mobile phone numbers has been leaked from IRCTC.
There is no hacking nor any leakage of IRCTC ticketing website and everything is safe,
said Railway Board Member (Traffic) Mohd Jamshed while addressing PTI.
Railways had constituted a committee of cyber security experts and vigilance officials from IRCTC and Centre for Railway Information Systems (CRIS).
The committee reportedly did a thorough technical investigation on each component of IRCTC website. However, it did not detect any possible data theft or leak and is constantly monitoring the system.
IRCTC CMD AK Manocha has further assured that auditing of the website is an ongoing process and security audit of e-ticketing system is undertaken biannually.
IRCTC undergoes through regular security audits which are conducted by Standardization Testing Quality Certification (STQC) Directorate of Department of Electronics and IT.
