IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk

IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk

According to a recent report, personal data of about 1 Cr IRCTC users is feared to have been leaked from the website’s server. The Maharashtra cyber cell had informed IRCTC about a potential data theft of its user registration details on Tuesday.

IRCTC has denied the report and said that there is nothing wrong with its website.

However, according to this tweet, Maharashtra Government has confirmed the data theft.

An IRCTC official stated that a committee has been formed to enquire into the alleged data breach.

IRCTC is the biggest travel ecommerce platform in India with lakhs of transaction done on its platform everyday. It currently has a user base of 39 Mn and it sells close to 500K tickets on a monthly basis. The data captured by the hackers can be sold to other companies who may use it for targeting potential consumers.

The state’s additional chief secretary (home), KP Bakshi, told TOI that the state police had alerted the railways.

“Right now we are not even in possession of that data which the cyber cell is talking about. Unless we are in possession of that data, we are not in a position to let you know if the data belongs to IRCTC or not. We’re waiting for that data to be given to us, so that we can establish whether that data belongs to IRCTC or someone else, and if it’s been sold in the name of IRCTC,” IRCTC PRO Sandip Dutta, said.

Many personal information like PAN card numbers, mobile numbers, Aadhaar card details, etc. of the users are at risk. On the other side, credit/debit card details are at a little risk, since the payment gateway takes the customer out of the website during the online transactions.

However, IRCTC Chairman & Managing Director A.K. Manocha, in a chat with Inc42 said that there was no hacking activity. He further added, “The data screenshot shared by most of the publications reporting the matter does not match with the IRCTC data. Only a minute part of the data matches. The number 1 crore is only highlighted by the media. Only a few lakh passengers have their PAN cards data on the website. We have several layers of protection on the website to prevent any such hacking.”

It is to be noted that IRCTC had spent around INR 100 crore last year for the upgrading of the website.

Sudeep Das, SE Manager – India and SAARC, RSA explains, “The hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner. Such sophisticated attacks often go unnoticed by either Web Application Firewalls or Log Analysis tools. It seems the same has happened in case of IRCTC hack.”

He further added that the traditional Web Application Firewall technologies needs to be augmented with Behavioral Intelligence to hunt these attacks in real time and respond to them quickly. “Need of the hour is to detect quickly and respond even quicker before there is a major damage to business.”

This news came in just a week after a joint team of the Bangalore Branch of the Central Bureau of Investigation (CBI) and Western Railways Vigilance Department had arrested a person in Eastern Uttar Pradesh for hacking into the IRCTC website to create fake tickets to sell to agents.

As per recent reports, the number of breached records per incident in 2015 ranged from 3,000 to 77,000 records, thereby costing around INR 88.3 Mn as an average total cost of data breach. If the said reports are true, this will be considered a one of the biggest internet data breach in India.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

Unlock 60% OFF
Cancel Anytime
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk-Inc42 Media
IRCTC Website Hacked; Personal Data Of Lakhs Of Users At Risk-Inc42 Media
You’re in Good company