irctc

Update: The Ministry of Railways has stated in a PIB release that no hacking attempts have been made on the IRCTC site or its servers and databases. It added that the site is working normally, without any unauthorized interference or discrepancies. The Ministry further said that there are sufficient “safeguards” already in place to prevent any security breach or attack, and also claims to conduct a biannual security audit of the IRCTC website regularly.

“In addition to this, 24×7 monitoring of the system is done throughout the year by technical team of experts. All the components of the system are functioning normal and no unusual activity has been discovered. All sensitive data like passwords etc are stored in encrypted form,” added the Railway Ministry.

Earlier: The Indian Railway Catering and Tourism Corporation (IRCTC) website used for online rail bookings is suspected to have been hacked by unidentified attackers, and user data could be at risk. However, there is no clarity regarding what kind of attack it was or what mechanisms the hackers used for the breach.

A spokesperson from IRCTC told Times of India: “Somebody can create forged documents on the basis of the stolen data. The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers.”

However, IRCTC’s Public Relations Officer Sandip Dutta has reportedly told The Indian Express that there was no hacking attempt on the site and that a committee has been formed to investigate the matter. Dutta has also requested the cyber cell’s help regarding the alleged data breach.

Earlier, Dutta also told Asian News International (ANI) that the Maharashtra Police had informed IRCTC about a “data theft from its website”, but details of the breach are yet to be shared.

Some, however, are still not convinced by IRCTC PRO Sandip Dutta’s statements.

The Centre for Railway Information Systems (CRIS), an independent organization under the Ministry of Railways, develops and manages IT applications for Indian Railways and for other Government and Public Sector organizations. MediaNama has written to it seeking details about the possible data breach, and is yet to hear back.

What user data is at risk: According to IRCTC’s marketing profile, the website has approximately 3.9 crore profile registrations, 2.5 crore active users, and an average of 18 thousand user registrations every day. On registration, IRCTC collects personal information including address, email, phone numbers, etc. At the time of booking, IRCTC accepts a passport, Aadhaar card, PAN card or driving license.

Financials: IRCTC generated Rs 20,620 crore (~$3.08 billion) in online ticketing with a profit after tax of Rs 130 crore ($19.5 million) from March 2014 to March 2015. This is up 34% from a year ago, when its revenue was Rs 15,410 crore ($2.3 billion), with a profit of Rs 72 crore ($10.8 million).

Earlier reports of data breach and hacked websites

BSNL’s Jaipur website hacked: In August last year, BSNL’s website was hacked by members of a hacker group identifying itself as Hell Shield Hackers. However, the hackers were not able to hijack the entire domain, and instead managed to get into the subdomain of BSNL’s Regional Telecom Training Centre, Jaipur. The hackers, named PsyCh0T!C_Ov3RL04D HSH and Th3 Laz4RU5, claim to have deleted all data on the website they had access to.

Pakistani security firm stealing Indian Govt info: Pakistani cyber security firm Tranchulas was reportedly found to be stealing information from the Indian government and defence establishments. The information came to light through a two-year investigation by the US-based IT security firm FireEye. According to FireEye, Tranchulas, which claims to have helped the Pakistani government prepare for cyber warfare, sent emails containing malicious code to Indian government officials.

Gemalto hack aided by NSA and GCHQ: In February 2015, SIM card provider Gemalto admitted that the hacking operation by the NSA and GCHQ between 2010 and 2011 targeted India, Pakistan, Afghanistan, Serbia and Iran, among others. Gemalto’s report also mentions that the interception technique did not work with operators using secure data exchange methods, and in particular it “failed to produce results against Pakistani networks”.