The Indian Railway Catering and Tourism Corporation (IRCTC) on Thursday denied media reports that hackers had pilfered data, including email and mobile numbers, from the user profiles of its e-ticketing system.
“Firstly, Indian Railways would like to clarify that there has been no hacking of the IRCTC website. The e-ticketing website has been working normally thereby eliminating any chances of unauthorised interference. As soon as the matter came to the notice of the Railways on May 2, thorough investigations were conducted to detect the veracity of the news. However, no such incident has been detected,” the Railway Ministry said in a statement.
In an attempt to reassure IRCTC users that their data was safe, the Ministry said the website had all the necessary safeguards and a regular security audit system. “All the components of the system are functioning normally and no unusual activity has been discovered,” the statement said.
All sensitive data like passwords are stored in an encrypted form. In addition, the system is monitored 24x7 throughout the year by a technical team of experts. Hence, there is no cause for panic or concern, the statement said, adding a railway committee set up to probe the incident had not found any indication of breach of security in any of the e-ticketing databases.
The statement said the Centre for Railway Information Systems (CRIS), the information technology arm of the Indian Railways, managed the IRCTC data centre which is located in the CRIS premises. Technical teams of CRIS and IRCTC were deputed to verify the information, and did not detect any such hacking incident.
The technical teams examined the multiple components of the e-ticketing system including the internet gateway, network security devices such as a gateway router, firewall, application delivery controllers, Security Informagion Event Management System web service as well as the database server access logs.
“Each of the components has been checked and none of the components has been found to have unusual activity. Technical investigations have also not indicated any unusual activity with respect to various system components,” it said.
Ticket booking peaks during the summer vacation period, and the IRCTC said its website saw nearly 5.48 lakh tickets booked in a single day in April 2016 with 2.66 lakh peak concurrent users. About 13,600 tickets were booked per minute.
System monitored 24x7 throughout the year by a team of experts, IRCTC claimed
