Indian Railways dismisses reports of data leak from IRCTC website
The Indian Railways dismissed on Thursday reports about the leak of email and mobile numbers from user profile data of Indian Railway Catering and Tourism Corporation’s (IRCTC) e-ticketing system and said everything was safe.Updated: May 05, 2016 19:20 IST
The Indian Railways dismissed on Thursday reports about the leak of email and mobile numbers from user profile data of Indian Railway Catering and Tourism Corporation’s (IRCTC) e-ticketing system and said everything was safe.
“There is no hacking nor any leakage of IRCTC ticketing website and everything is safe,” Railway Board member (traffic) Mohd Jamshed said.
He was replying to a query about reports citing cyber officials in Maharashtra regarding alleged leak of email and mobile numbers from user profile data of the IRCTC e-ticketing system. He said the security system has been reviewed twice in the recent past.
The Indian Railways constituted a committee comprising cyber experts and vigilance officials from the IRCTC and Centre for Railway Information Systems (CRIS) on May 3 to check the possible theft of data and found no such case.
“The committee has submitted the preliminary reports and there is no leakage. We are constantly monitoring it,” Jamshed said.
The e-ticketing system is managed in-house by CRIS, the IT arm of Indian Railways. The data centre is on the premises of CRIS.
According to the Indian Railways, the report of possible theft of data came to light on May 2 and a thorough investigation was carried out to ascertain its veracity.
However, no such incident was detected by technical teams of CRIS and IRCTC.
The data of e-ticketing system can be broadly divided into two categories - sensitive information like debit/credit card details, login ID, passwords, which could cause potential financial risk. PAN card details are not required for booking e-tickets.
It was clarified that other data like mobile numbers and email ids was available with a large number of electronic service providing entities such as e-commerce firms and telemarketers.
Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services, etc. Till now, leak of data through none of the service providers of IRCTC has been established.
E-ticketing website has been working normally thereby eliminating any chances of unauthorized interference, IRCTC said.