IRCTC Website Not Hacked, But 10 Mn Customers Data Up For Sale [UPDATED]

Must Read

Indian Railways and Tourism Corporation (IRCTC) is facing strenuous time to manage the safety and security of its online ticket booking website Earlier in the day many media publications jumped the gun to report about the possible hack of Indian Railways and Tourism Corporation (IRCTC) website. However, the official later denied the claim, albeit accepted that the personal Information of around 10 million customers is stolen.

The hackers have allegedly gained access to sensitive personal information including Aadhaar card details, PAN card number, mobile phone numbers and email IDs. However, the credit and debit card information about the 10 million customers were safeguarded as banks divert the payments to their secure platforms. It is also being reported that the personal details of those 10 million customers are up for sale in a form of CD for Rs. 15,000 (US$240).

“IRCTC website was not hacked and is functioning properly,” Sandip Dutta, IRCTC public relations officer, said today, adding that passengers will have no problem booking tickets online.

The matter came to light when Inspector General (IG) of Maharashtra’s Cyber Cell informed Chief Commercial Manager (CCM) of Western Railways about the leakage of data on Tuesday. Later a committee was formed soon after the CCM informed the Railway board about the leak. The committee includes 3 members from Centre for Railway Information System (CRIS), the IT arm of the Indian railway ministry, and 3 members from IRCTC.


Approximately 500,000 tickets are booked via IRCTC website every day. Therefore, the topmost concern revolves around the customer’s bank account details which include his/her credit and debit card details. Fearing this, IRCTC’s Managing Director has written to Delhi Police’s Cyber Cell to have a deeper insight into the matter.

“We cannot comment until we have seen the data that has been leaked. We will be able to substantiate any claim of data hack or Theft only after we have seen the data and checked whether it belongs to IRCTC website or some other source” said a senior IRCTC official.

A casual affair for the hackers

This is not the first time Indian Railways website has been targeted by hackers. A month ago Al Qaeda shocked Asia’s largest rail network by hacking a microsite of Indian Railways Railnet page. For a short duration, the terror group bombarded the site with messages persuading Indian Muslims to join Jihad then.

In another incident, a man was also arrested from Basti in Eastern Uttar Pradesh who was allegedly creating fake tickets by hacking into IRCTC’s website. A team comprised of officials from CBI’s Bengaluru branch and Central Railway camped for 3 days in Basti to track the man off.

The number of website hacking incidents in India seems on consist rise and is posing a direct threat to government’s cyber security efforts. Around 8,056 incidents of website hacking has been reported until March 2016 whereas 28481, 32323 and 27205 website hacking incidents were reported during 2013, 2014 and 2015 respectively.

The list of cyber crimes in India is also far from the end. Symantec’s latest Internet Security Threat Report  (ISTR) shows the dismal state of India’s cyber security. The major security concern for India’s cyber security is the social media scams that have risen 156% between 2014 and 2015. In layman’s term, one out of six scams on social media impacted an Indian.


Indian organizations suffered the most by cyber attacks in 2015 and the country was the 6th most targeted in Asia. The targeted firms were attacked twice on an average. Mining and BFSI businesses were targeted very frequently by the attackers.

The obsolete cybercrime laws of India are the prime reasons behind the successful hacking attempts. For an example, the laws for the smartphone are not laid separately and are ought to be treated under computer, while smartphones and computers are two poles apart.

The recent report by Symantec shows us the pathetic state of cyber security in India and lack of efforts put in by the Indian government to counter the cybercrime over the years. While the numbers of cybercrime are already staggering there are many incidents that remain unnoticed and unreported.

UPDATE: 6 May 2016: IRCTC has come out with more clarification today. In a tweet to us IRCTC has claimed that while the website was never hacked, there is no track of possible data leak of 10 million customers till now. However, the joint team of CRIS and IRCTC is still investigating the matter to verify if there was any data leak. IRCTC has also insisted on the fact that data up for sale is only non-sensitive data, i.e. email id, phone number etc., and can be captured through other sources as its available with many startups and companies, such as e-commerce companies, app based cab service providers etc. You can read the complete release from IRCTC below:





Please enter your comment!
Please enter your name here

Latest News

US Bans TikTok And WeChat: Oracle Deal Fails To Excite Trump

Amidst all the news about TikTok's proposed IPO in the US and Oracle deal, this news is...

TikTok IPO In US: The Injection Of Trust To Clinch Trump’s Confidence?

What started with the ban on TikTok could end with TikTok IPO in the US. TikTok is leaving no...

White Collar Employees Suffer The Worst: 6.6 Million Jobs Lost in India During May-August

When the coronavirus spread all over the world rapidly, apart from record death tolls, the other significant damage it did was to...

Apple Online Store In India Is A Kind Of Big Deal

After all rumours, speculations, debates and discussions online, as well as offline, Apple store in India is finally becoming a reality now....

Investment In Edtech Startups 2020: Record $4.9 Billion And Still Counting

Whilst the entire world spent the better half of 2020 locked indoors and practising social distancing, online education startups skyrocketed globally! Let’s...

BLESA: The New Bluetooth Vulnerability Putting Billions of Devices At Risk

With the ever-changing technology, the war against hackers and those intent upon malicious data theft are eternal. Fighting them is like fighting...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This