IRCTC website ‘hacked’, personal details of lakhs feared stolen

New Delhi: There are some conflicting reports about IRCTC, but it is almost certain that something is wrong with the user data held by IRCTC website. Details of possibly millions of users have been leaked and are reportedly available to buyers in the shady cyber markets.

IRCTC has denied that there is anything wrong with its website. “IRCTC website has not been hacked. Enquiry is being conducted regarding alleged data sale,” it says on Twitter.

We are not certain what to make of the IRCTC statement. Because the Maharashtra government is saying something else.

“Maharashtra Govt confirms @IRCTC_Ltd website hacked. Up to 1 crore account details potentially compromised. Being sold in a CD for Rs 15k.”

Personal data of around 1 crore customers is feared to have been stolen from the server of the e-ticketing portal Indian Railway Catering and Tourism Corporation (IRCTC), thus raising fears of safety and security, as reported TOI.

IRCTC is India’s largest e-commerce website, lakhs of transactions are conducted every day. Customers provide details like Pan Card numbers while filling up online reservation forms.

According to a report in India Today, IRCTC officials also fear that details including phone numbers, date of birth and other such information “have been sold in a CD for Rs 15,000 for whosoever was interested.”

An IRCTC source said, “The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers.”

AK Manocha, managing director of IRCTC, told Mumbai Mirror that though there has been no official complaint regarding data hacking he has written to Delhi police’s cyber cell to inquire into the matter.

When asked why there was no complaint, Manocha said, “We got some information from our internal sources. So we decided to crosscheck.” The IRCTC (Indian Railways Catering and Tourism Corporation) website has a user base of over 1 crore, and at least 5 lakh tickets are booked on daily basis. To log in and book tickets, each user has to create an account, parting with information of his email id and mobile number. The fear among the authorities is that the hacker could have access to at least 1 crore email IDs and mobile numbers. The data will command a huge price among companies in the era of aggressive tele-marketing.

According to the sources, that it is unlikely that credit card or bank data would have been compromised, since the payment gateway takes one out of the IRCTC website to the sites of the banks, which have more watertight firewalls.

The state’s additional chief secretary (home), KP Bakshi, earlier confirmed to TOI that the state police had alerted the railways, but refused to give any more details.

IRCTC website is maintained by Centre for Railway Information Systems, which is part of the railway ministry.