Indian Railways' IRCTC (Indian Railway Catering and Tourism Corporation )website has been hacked and the personal data of lakhs of users is at risk. Later officials have clarified that the website hasn't been hacked but they are still investigating the alleged data leak.
According to a Times of India report, data of several passengers has been stolen from the server of the portal. This incident raises a larger concern of the security of the websites of Railways as recently one of the websites was hacked by Al Qaeda.
Maharashtra Police has also informed IRCTC about the suspected hack. "IG Maharashtra police cyber cell has informed us about the alleged Data theft from its website but the details of the said data are still to be shared with IRCTC. IRCTC will be issuing a detailed press note later today," IRCTC PRO told HuffPost India.
"There has been no malicious activity on the website in last month, we will check the data if it belongs to IRCTC or not once we have it," he added.
A statement from IRCTC says that As soon as the matter came to the notice of the Railways on 2 May they had begun the investigations.
"No such incident has been detected by the technical teams of Centre for Railway Information Systems (CRIS) and Indian Railway Catering and Tourism Corporation (IRCTC). No "Denial of Service" (Dos) attack has been successful and the ticketing website is running normally," said the statement.
"The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers. We have alerted the Maharashtra government," said an IRCTC source to TOI. The state's additional chief secretary (home), KP Bakshi, confirmed that the state police had alerted the railways.
Maharashtra Govt confirms @IRCTC_Ltd website hacked. Up to 1 crore account details potentially compromised. Being sold in a CD for Rs 15k.— Rahul Kanwal (@rahulkanwal) May 5, 2016
Cyber cell of the Delhi police has also been alerted to probe if the data has been leaked. A meeting of the top officials was held on Tuesday night in Delhi.
"There has been no official complaint but I have written to the Delhi police cyber cell. We got some information from our internal sources. So we decided to crosscheck," said A.K. Manocha, managing director of IRCTC, to Mumbai Mirror.
IRCTC caters to more than 1 crore customers. And all the personal data such as Name, contact number, email IDs, PAN card number and so on is stored on the server. Hackers can get access to all the personal data and use it maliciously. Railways have spent a lot of money on upgrading the website but the majority of the money was spent on improving the speed and performance.
Last month there was a cyber audit of all the Railways facilities as well. Railway Minister Suresh Prabhu had ordered an inspection as the department feared that it is vulnerable to the attacks of the hackers.
IRCTC said that a joint committee of IRCTC and CRIS personnel has been made to further investigate the matter. The committee hasn't found anything suspicious in the preliminary reports but further checks will be carried out once the supposed leaked data is made available to them.
This year attacks on the government websites have risen significantly. In March, Google had to remove a Pakistani app from the play store which was snooping on the army personnel. Several other websites including TRAI and JNU website have already been attacked this year. According to Symantec 2015 saw a 156% rise in attacks on Indian websites from 2014.