IRCTC- Indian Railway Catering anf Tourism Corporation has been hacked and personal data of about 1 crore has been leaked. Rumours has been spread on social media that the leaked data is being sold. But the officials made sure that the website is not been hacked and they are investigating the matter.
In India IRCTC is one of the biggest travelling e-commerce platform which have about lakhs of transaction per day. With a user base of 39 Million it sells around 500k tickets every month. Consumers personal details such as Pan card number, Credit and Debit card, Mobile numbers and Aadhar card etc are at risk.
Sandip Dutta, PRO IRCTC said
“Right now we are not even in possession of that data which the cyber cell is talking about. Unless we are in possession of that data, we are not in a position to let you know if the data belongs to IRCTC or not. We’re waiting for that data to be given to us, so that we can establish whether that data belongs to IRCTC or someone else, and if it’s been sold in the name of IRCTC.”
Sudeep Das, SE Manager India and SAARC, RSA explains,
“The hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner. Such sophisticated attacks often go unnoticed by either Web Application Firewalls or Log Analysis tools. It seems the same has happened in case of IRCTC hack.”
A senior IRCTC official said in the report,
“We cannot comment until we have seen the data that has been leaked. We will be able to substantiate any claim of data hack or theft only after we have seen the data and checked whether it belongs to the IRCTC website or some other source.”