Reports emerging this morning claim that the Indian Railway Catering and Tourism Corporation (IRCTC) has been allegedly hacked, and personal information of more than one crore users could have been compromised, ET reports. There’s been no official announcement yet, and details are scarce on who are the perpetrators or what kind of data may have been compromised.
Being one of the biggest e-commerce sites in India, as well as a portal for users to book train tickets, IRCTC contains sensitive information on lakhs of users. These include credit, debit and even PAN card details, as well as name and address details. Stolen data could allow the hackers to forge documents.
Despite the seriousness of this incident, there seems to be a lot of confusion on whether there has actually been a hack. While reports claim that the site has been hacked, IRCTC PRO Sandip Dutta has refuted the media reports. “There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter,” Dutta told IndianExpress.
IndiaToday‘s Rahul Kanwal however claims that the Maharashtra government has confirmed the hack. The government also confirms that user data on IRCTC has been compromised and they are being illegally sold on a CD for as much as Rs 15,000.
The IRCTC hacking yet again shows the callous nature of the Indian government when it comes to cyber security. Government websites have been repeatedly hacked, sometimes by people wanting to prove how easy it is, and at other times by people with ulterior motives.
Since 2012, there have been several 10 instances of government sites hacked. These include websites for the Border Security Force, DRDO, Press Club of India, and the Indian revenue Service among others. Several government websites have been hacked as well, and last year, Ravi Shankar Prasad revealed that since 2012 more than 700 government websites hosted under ‘gov.in’ and ‘nic.in’ domains had been hacked. Fortunately, these websites only contained public information and no sensitive data.