IRCTC Website Not Hacked, But 10 Mn Customers Data Up For Sale [UPDATED]

Must Read

Net Worth Of Jeff Bezos Is More Than Combined Net Worth of India’s Top 10 Richest People!

Jeff Bezos and the phrase 'World's Richest Person' has become synonym to each other. But after the...

Search Engine Optimization In Digital Era: Look Beyond Traffic

Search engine optimization, aka SEO, plays a vital role in today's online world, especially if it's about...

After Banning Apps, India To Clamp Down On Startup Investments From China

The recent border conflict between India and China has led to the Indian Government to actively take...

Indian Railways and Tourism Corporation (IRCTC) is facing strenuous time to manage the safety and security of its online ticket booking website Earlier in the day many media publications jumped the gun to report about the possible hack of Indian Railways and Tourism Corporation (IRCTC) website. However, the official later denied the claim, albeit accepted that the personal Information of around 10 million customers is stolen.

The hackers have allegedly gained access to sensitive personal information including Aadhaar card details, PAN card number, mobile phone numbers and email IDs. However, the credit and debit card information about the 10 million customers were safeguarded as banks divert the payments to their secure platforms. It is also being reported that the personal details of those 10 million customers are up for sale in a form of CD for Rs. 15,000 (US$240).

“IRCTC website was not hacked and is functioning properly,” Sandip Dutta, IRCTC public relations officer, said today, adding that passengers will have no problem booking tickets online.

The matter came to light when Inspector General (IG) of Maharashtra’s Cyber Cell informed Chief Commercial Manager (CCM) of Western Railways about the leakage of data on Tuesday. Later a committee was formed soon after the CCM informed the Railway board about the leak. The committee includes 3 members from Centre for Railway Information System (CRIS), the IT arm of the Indian railway ministry, and 3 members from IRCTC.


Approximately 500,000 tickets are booked via IRCTC website every day. Therefore, the topmost concern revolves around the customer’s bank account details which include his/her credit and debit card details. Fearing this, IRCTC’s Managing Director has written to Delhi Police’s Cyber Cell to have a deeper insight into the matter.

“We cannot comment until we have seen the data that has been leaked. We will be able to substantiate any claim of data hack or Theft only after we have seen the data and checked whether it belongs to IRCTC website or some other source” said a senior IRCTC official.

A casual affair for the hackers

This is not the first time Indian Railways website has been targeted by hackers. A month ago Al Qaeda shocked Asia’s largest rail network by hacking a microsite of Indian Railways Railnet page. For a short duration, the terror group bombarded the site with messages persuading Indian Muslims to join Jihad then.

In another incident, a man was also arrested from Basti in Eastern Uttar Pradesh who was allegedly creating fake tickets by hacking into IRCTC’s website. A team comprised of officials from CBI’s Bengaluru branch and Central Railway camped for 3 days in Basti to track the man off.

The number of website hacking incidents in India seems on consist rise and is posing a direct threat to government’s cyber security efforts. Around 8,056 incidents of website hacking has been reported until March 2016 whereas 28481, 32323 and 27205 website hacking incidents were reported during 2013, 2014 and 2015 respectively.

The list of cyber crimes in India is also far from the end. Symantec’s latest Internet Security Threat Report  (ISTR) shows the dismal state of India’s cyber security. The major security concern for India’s cyber security is the social media scams that have risen 156% between 2014 and 2015. In layman’s term, one out of six scams on social media impacted an Indian.


Indian organizations suffered the most by cyber attacks in 2015 and the country was the 6th most targeted in Asia. The targeted firms were attacked twice on an average. Mining and BFSI businesses were targeted very frequently by the attackers.

The obsolete cybercrime laws of India are the prime reasons behind the successful hacking attempts. For an example, the laws for the smartphone are not laid separately and are ought to be treated under computer, while smartphones and computers are two poles apart.

The recent report by Symantec shows us the pathetic state of cyber security in India and lack of efforts put in by the Indian government to counter the cybercrime over the years. While the numbers of cybercrime are already staggering there are many incidents that remain unnoticed and unreported.

UPDATE: 6 May 2016: IRCTC has come out with more clarification today. In a tweet to us IRCTC has claimed that while the website was never hacked, there is no track of possible data leak of 10 million customers till now. However, the joint team of CRIS and IRCTC is still investigating the matter to verify if there was any data leak. IRCTC has also insisted on the fact that data up for sale is only non-sensitive data, i.e. email id, phone number etc., and can be captured through other sources as its available with many startups and companies, such as e-commerce companies, app based cab service providers etc. You can read the complete release from IRCTC below:





Please enter your comment!
Please enter your name here

Latest News

How People Set Their Passwords: 123456 Is The Most Common One [STUDY]

Do you know why hackers quickly gain access to your system or online accounts? 

Will The Ban On TikTok Be Revoked?

The ban on TikTok is the talk of the town. All hell broke loose for Tiktok when the popular short-form video platform...

Global 5G Chipset Market: $22.41 Billion By 2026, Driven by 5G Smartphones

As the world has started shifting from 4G to 5G era, the global 5G chipset market has started attracting the eyeballs of...

Launch Of JioMeet Will Make Zoom To Be The 60th Chinese App To Get Banned In India?

Today as soon as the launch of JioMeet was formally announced by Mukesh Ambani, the frontman of Reliance Industries, people quickly found...

Intel Invest in Jio Platforms: A Chance For Redemption In The Smartphone Market?

If you thought Mukesh Ambani was finally going to stop the stake selling spree in Jio Platforms after RIL was recently announced...

With The Launch of JioMeet Reliance Sets Its Eyes On Video Conferencing Market!

The race to dominate the video conferencing market has just become more interesting. As we are going through the...

In-Depth: Dprime

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

Fantastic 4: Four Day Work Week A Flashpoint Of Innovation?

It has been an idea that has been mooted by many, perhaps also somewhat sceptically. From being a dark horse to becoming...

TikTok Is Facing The Wrath Of People Who Love It The Most

Ever since the popular social media app TikTok entered India, it has been growing very aggressively in terms of users. Within a...

More Articles Like This