Sunday, December 22

Railways Denied Reports of Data Leak From IRCTC Website

Railways today dismissed reports about the leak of email and mobile numbers from user profile data of Indian Railway Catering and Tourism Corporations (IRCTC) e-ticketing system and said everything is safe and secure.

There is no hacking nor any leakage of IRCTC ticketing website and everything is safe, Railway Board Member (Traffic) Mohd Jamshed told PTI.

He was replying to a query about reports citing cyber officials in Maharashtra regarding alleged leak of email and mobile numbers from user profile data of IRCTC e-ticketing system.

He said the security system has already been reviewed twice in the recent past.

Railways constituted a committee comprising cyber experts and vigilance officials from IRCTC and Centre for Railway Information Systems (CRIS) on May 3 to check the possible theft of data and found no such case.

“The committee has submitted the preliminary reports and there is no leakage. We are constantly monitoring it,” Jamshed said.

The e-ticketing system is managed in-house by CRIS, the IT arm of Indian Railways. The data centre is in the premises of CRIS.

According to Railways, the report of possible theft of data came to light on May 2 and a thorough investigation was carried out to ascertain its veracity.

However, no such incident was detected by technical teams of CRIS and IRCTC.

The data of e-ticketing system can be broadly divided into two categories – sensitive information like debit/credit card details, login ID, passwords, which could cause potential financial risk. PAN card detail is not required for booking e-ticket.

No sensitive data is alleged to have been leaked.

It is clarified that other data like mobile numbers and email ids is available with a large number of electronic service providing entities such as e-commerce firms and telemarketers.

Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services etc. Till now, leak of data through none of the service providers of IRCTC has been established.

E-ticketing website has been working normally thereby eliminating any chances of unauthorized interference, IRCTC said.