The Indian Railway Catering and Tourism Corp (IRCTC) on Thursday denied that its website, which is visited by around 22 lakh people a day, had been hacked.
“IRCTC website was not hacked and is functioning properly. The passengers are also able to book tickets through the website,” Sandip Dutta, IRCTC public relations officer, said.
An estimated 5 to 6 lakh dominantly railway tickets are sold daily on the website. IRCTC is one of the largest e-commerce platforms in India, with three crore active registered users.
A joint committee comprising officers from IRCTC and CRIS (Centre for Railways Information System) was set up following media reports that the rail ticketing website was hacked and passenger data stolen.
“The committee in its preliminary report has not found any indication of breach of security in any of the databases of the e-ticketing system. Further investigations by the committee is in progress and once the purported leaked data is made available, checks will be conducted,” said a statement issued by IRCTC.
The e-ticketing data is broadly categorised into two categories – sensitive information like debit/credit card details, login ID and passwords, which could cause potential financial risk; and other data like mobile number and email IDs.
The IRCTC said mobile numbers and email IDs are already available with other service providers.
“Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services. Till now, leakage of data through none of the service providers of IRCTC has been established,” the statement added.
It said the security of e-ticketing system was ensured through regular audits by the Directorate of Department of Electronics and IT.
“Security audit of e-ticketing system is undertaken bi-annually and all sensitive data like passwords are stored in encrypted form. In addition to this, 24×7 monitoring of the system is done throughout the year by experts.”
The matter came to light when the Cyber Cell of the Mumbai Police informed IRCTC that a large volume of data from its website was stolen.
The IRCTC website contains vital information pertaining to passengers who book train tickets and avail other services.