Railways forms high-level panel to examine IRCTC hacking
The Railway board has formed a high-level panel to examine the alleged hacking of the IRCTC website. The railway officials suspect that data hacking from the IRCTC website may have involved leakage of personal data including PAN numbers, Aadhaar numbers, email ids, mobile numbers, etc. of lakhs of people. However, IRCTC officials have not yet confirmed the claims of hacking.
IRCTC: An overview
IRCTC (Indian Railway Catering and Tourism Corporation) Ltd. is a subsidiary of Indian Railways (IR) which handles the catering, tourism and online ticketing businesses of the Indian Railways. It was formed under the Ministry of Railways to professionalize and upgrade these services with public-private partnerships (PPP). With a user base of 10 million, IRCTC sells 5 lakh tickets through its ticketing portal every day.
Railways orders audit of IT Systems
The Indian Railways had last month ordered the audit of its IT system to prevent cyber attacks. The order from the Railways came after a web page of the personnel department in the Bhusawal Division of the Central railways was allegedly hacked by the terror outfit, Al Qaeda. Since the entire railway operations are running online, any intrusion can collapse the entire network.
Cyber attack on govt websites quite frequent
According to estimates, around 2,500 to 3,000 government websites are hacked or defaced every month.
How was the hack detected?
The data hack speculation started after the Maharashtra Cyber Cell found out that a CD containing phone numbers, dates of birth and other such information of IRCTC users was available in the market for Rs.15,000. The Inspector General (IG) of the Maharashtra Cyber Cell informed the Chief Commercial Manager (CCM) of the Western Railways that large volumes of IRCTC data might have been compromised.
IRCTC hack could be India's largest
IRCTC is India's biggest e-commerce website. Given the sheer size of the IRCTC, the data hack incident could be the biggest data theft ever in Indian history.
Railway board forms a committee
The Chief Commercial Manager (CCM) informed the Indian Railways board about the data hack. The railway board called an emergency meeting and formed a committee comprising of 3 persons each from IRCTC and CRIS (Center for Railway Information Systems), the IT arm of Indian Railways. IRCTC's Managing Director has also written to the Cyber Cell of Delhi Police to examine the matter.
Data hack not yet verified
Sandip Dutta, Public Relations Officer at IRCTC, has, however, said, "We deny all reports claiming that IRCTC website was hacked. It is running perfectly fine." Mr. Dutta added that IRCTC has asked Cyber Cell to provide the 'hacked' data so that it can be verified if it belongs to IRCTC. He has also not ruled out the possibility of someone maligning IRCTC's name.