WEBSITE HACK IS BASELESS :: IRCTC ANNOUNCED

Southern Railway published a press release that the News of IRCTC website hack is a baseless story and it is just a rumour. IRCTC, the ticket booking Website of the Indian Railway is the largest e-commerce site. There was news in some of the medias and social medias that IRCTC Website was hacked by some miscreants and personal data like email id and mobile numbers of more than 1 crore persons were lost.
Hack is baseless : IRCTC Website
IRCTC Website 

The website has a user base of over 1 crore and at least 5 lakh tickets are booked on daily basis. To log in and book tickets each user has to create and account, and has to give his/her email id and mobile number. The email ids and mobile numbers are highly important in the area of tele-marketing business.

After a thorough verification of systems, through the official website IRCTC has clarified that the news of such hack is just a story and no such incident had taken place. IRCTC also published a PRESS RELEASE related to this, the brief of that is following.

News reports have appeared in some Electronic and print media citing official, regarding alleged leakage of email and mobile numbers from user profile data of IRCTC E-ticketing system.
The matter came to notice of railway on 02.05.2016. The E-ticketing system is managed by CRIS, the IT arm of Indian Railway made an investigation and clarify that no such incident has been detected.
Railway said in the press release that No "Denial of Service attack" has been successful and the E-ticketing website has been working normally thereby eliminating any chances of unauthorized interference. About 5.48 lakh tickets were booked in a single day in April 2016 with 2.66 lakh peak concurrent users. About 13,600 tickets per minute were booked, press release said.
IRCTC also explained the E-ticketing system. The E-ticketing system has several components viz Internet gateway, network security devices such as gateway router and Firewall, Application Delivery Controller, Security Information Event Management System web server and database server access logs. Each of the components has been checked and none of the components has been found to have unusual activity. Technical investigations have also not indicated any unusual activity with respect to various system components.

The IT security of E-ticketing system is ensured through regular security audits by Standardization Testing Quality Certification directorate of Department of Electronics and IT, Government of India. The entire traffic flowing on E-ticketing system internet gateway is also forwarded to CERT-In in real-time for monitoring and alerting. The gaps reported by STQC in their penetration testing have been addressed. However, auditing is an ongoing process and security audit of E-ticketing system is undertaken biannually.

Audit trails are maintained for access to the system and all sensitive data like passwords etc are stored in encrypted form. In addition to this, 24*7 monitoring of the system is done throughout the year by technical team of experts. Strict physical checks are already in place in the Data center like restricted access to Data center, CCTV cameras at entry and exit points of Data center.

The data of E-ticketing system can be broadly categorized into two categories viz., sensitive information like Debit/Credit Card details, Login ID, Passwords, which could cause potential financial risk. PAN card detail is not required for booking E-ticket. No sensitive data has been alleged to have been leaked.

It is clarified that other data like mobile number and email ids is available with a large number of electronic service providing entities viz., E-commerce firms, telemarketers etc. Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services, etc. Till now leakage of data through none of the service providers of IRCTC has been established, press release said.


A joint committee comprising of officers from both CRIS and IRCTC has been set up. The committee in their preliminary report has not found any indication of breath of security in any of the database of the E-ticketing system. Further investigations by this committee is in progress and once the purported leaked data is made available, further checks will be conducted, IRCTC press release said.

There was news in some of the medias and social medias that IRCTC Website was hacked by some miscreants and personal data like email id and mobile numbers of more than 1 crore persons were lost. After a thorough verification of systems, through the official website IRCTC has clarified that the news of such hack is just a story and no such incident had taken place. IRCTC also published a PRESS RELEASE related to this, the brief of that is following.

Post a Comment

[disqus][facebook][blogger]

Author Name

{picture#http://1.bp.blogspot.com/-0O6kmb7GF-4/Vp5wBipyycI/AAAAAAAAEcg/Pt-RQ6K9fwU/s1600-r/IRCTC%2BHELP.png} Welcome to India's leading IRCTC Help blog. IRCTC Help, providing latest news of Indian Railways and IRCTC from the year 2009. Here IRCTC Help (IRCTC Online Passenger Reservation Information) provides information's like Special Trains, Cancelled Trains List, Traffic Block, IRCTC Website Guides, Metro & Mono Rail Info, Railway Mobile Applications Info, IRCTC Catering, Train Status, PNR Status details etc. You can read more details on our About page. {facebook#https://www.facebook.com/pages/IRCTC-Online-Passenger-News/303631332986086} {twitter#https://twitter.com/IRCTC_News} {google#https://plus.google.com/101029213081299443149}

Contact Form

Name

Email *

Message *

Powered by Blogger.