IRCTC is one of the most frequently used e-ticketing portals in India and in a recent turn of events, the server has been hacked, eventually leading to leak of personal information of over 10 million customers. Unlike other hacks or leaks, the IRCTC compromise is a very serious thing as users would usually upload multitudes of information along with documents at the site.
With lakhs of transactions being conducted on a day to day basis, it is but evident that IRCTC database can be a Holy Grail for the attackers. The customers not only book the ticket but they also upload supporting documents like PAN card and other identity proofs, not to mention the saved credit and debit card details (depends on if the information was stored on bank gateway or IRCTC servers). This is a perfect scenario for the attackers who can easily forge documents based on the stolen data, thus creating a havoc.
Maharashtra Govt confirms @IRCTC_Ltd website hacked. Up to 1 crore account details potentially compromised. Being sold in a CD for Rs 15k.
— Rahul Kanwal (@rahulkanwal) May 5, 2016
Maharastra Government has already confirmed that the site has been hacked and up to 10-Million accounts have been compromised. This is what an IRCTC official had to say about the incident to TOI “The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers.” The authorities have already been alerted but it is still not certain on what actions have actually been taken.
The scale of the data theft is alarming and it also raises questions about the security measures put up by IRCTC, which being such a widely used service should have taken better security measures. The IRCTC hack is definitely one of the most prominent incident of data theft in the recent past inn India and it gives me shudders to think about the aftermath of the leak. Ironically, Railways had spent a whopping Rs100 crore last year to revamp the IRCTC website.
IRCTC has however refuted the claims that the site is hacked and is still says that they are inquiring into the matter. IRCTC has also further said that they are yet to receive a report from Maharashtra Cyber Cell.