You are here: Home » Current Affairs » News » National
Business Standard

Govt forms high-level panel to crack massive IRCTC hack

Six-member panel looking into the case where data of 10 million users on IRCTC's portal may have been hacked and sold


Sudheer Pal Singh  |  New Delhi 

BFSI sector is a top target for cybercrime

A suspected massive data hacking case has sent the Railway Board, which manages Indian Railways, in a tizzy. The Board has formed a high-level six member committee of experts to look into the case where personal data of around 10 million users on the website, India’s largest e-commerce portal, is suspected to have been hacked and sold.

Officials suspect the massive data hacking may have involved personal information of users including PAN card numbers, Aadhaar card details, email ids and mobile numbers — immensely valuable set of information for telemarketing companies in the digital age.

“We cannot comment until we have seen the data that has been leaked. We will be able to substantiate any claim of data hack or theft only after we have seen the data and checked whether it belongs to the website or some other source,” said a senior official.

A senior official from the rail ministry informed the board is investigating into whether the case involves data hacking or an internal leakage, which, if correct, would be a more worrisome issue.

The case began with the Inspector General (IG) of Maharashtra’s Cyber Cell informing the Chief Commercial Manager (CCM) — Western Railways on Tuesday that large volumes of data belonging to users may have been compromised. The CCM, in turn, informed the Railway Board which called an emergency meeting and decided to form a committee, including three members of IRCTC and three from Center for Railway Information Systems (CRIS), the rail ministry’s IT arm.

IRCTC has a combined user base of 10 million and more than 500,000 tickets are sold on the e-ticketing portal every day. The Indian Railways’ e-ticketing arm has now requested the IG-Cyber Cell of Maharashtra to share the data sets or complaints that have triggered the investigation to ascertain the source of the hack or the leak.

Meanwhile, IRCTC’s Managing Director, who attended Tuesday’s emergency meeting, has written to Delhi Police’s Cyber Cell to look into the matter. Officials are reportedly concerned over the possibility of users’ credit card details or bank details having been compromised.

The website of IRCTC asks users to share mobile numbers and email ids during registration for booking tickets. However, for credit card and bank account details, the users are directed to the website of the banks which generally deploy more secure firewalls.

The data hacking case comes a week after a joint team of the Bengaluru Branch of the Central Bureau of Investigation (CBI) and Western Railways Vigilance Department arrested a man from Basti in Eastern Uttar Pradesh for hacking into the IRCTC website to create fake tickets that used to be sold to a network of agents across the country.

Rail minister Suresh Prabhu had last month ordered a Cyber audit of all the online systems of India Railways to make railways’ IT system foolproof.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

First Published: Thu, May 05 2016. 10:35 IST