IRCTC denies being hacked, probe arranged
A high level committee has been formed to probe the matter.
The Indian Railway Catering and Tourism Corporation’s (IRCTC) website has reportedly been hacked. According to reports, police and IRCTC officials are currently looking into the matter. However, IRCTC has denied the reports. IRCTC spokesperson, Sandip Dutta, told the Indian Express, “There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter.”
The case is being investigated by the Maharashtra Police Cyber Cell. We’re waiting for comments from both the Cyber Cell and IRCTC, and will update this story as we hear more.
Meanwhile, IRCTC is India’s largest e-commerce website, with users from all over the country. According to the website, IRCTC services over 13 million passengers every day. In addition, customers on the website, provide important information, ranging from important bank information to other details, when booking tickets etc. This means that a hack can potentially put all this sensitive user data at risk.
Further, a source told the Times of India, that data is a valuable asset, which can be sold to corporations that are targeting potential customers. The Indian Railways has recently spent a lot of its resources to improve the speed of the IRCTC website. Railway Minister, Suresh Prabhu, had ordered an inspection last month, after fears from the department, that it may be vulnerable to hacking attempts.
Update 1: Following this story, IRCTC responded to us, through a tweet, confirming that the website hasn't been hacked and a probe is being conducted.
@digitindia IRCTC website has not been hacked. Enquiry is being conducted regarding alleged data sale.
— IRCTC Ltd. (@IRCTC_Ltd) May 5, 2016
Update 2: The official response, issued via press release, by IRCTC states, "As soon as the matter came to notice of Railways on 02/05/2016, thorough investigations were conducted to detect veracity of the news, however, no such incident has been detected by the technical teams of Centre for Railway Information Systems (CRIS) and Indian Railway Catering and Tourism Corporation (IRCTC)." Further, the release also says, "No “Denial of Service attack” (DoS/DDoS) has been successful and the E-ticketing website has been working normally thereby eliminating any chances of unauthorised interference."
The IRCTC has also confirmed that while no unusual activity has been detected, the system is subjected to biannual audits, in order to ensure security.