In contrary to the reports suggesting the IRCTC has been hacked, an official claimed that the website was never been compromised and revealed that a committee has been formed to examine the alleged data breach.
Earlier, the corporation was informed by the Maharashtra Cyber Cell about the potential data theft of its user registration details.
“There has been no hacking as such, we’ve checked our data for the last one month and beyond that. As for the report as far as data theft is concerned, a committee has been formed and they are enquiring into the matter,” said IRCTC PRO Sandip Dutta, in response to a news report which said that personal data of one crore (10 million) IRCTC users is likely to have been stolen.
“Right now we are not even in possession of that data which the cyber cell is talking about. Unless we are in possession of that data, we are not in a position to let you know if the data belongs to IRCTC or not,” Datta said. “We’re waiting for that data to be given to us, so that we can establish whether that data belongs to IRCTC or someone else, and if it’s been sold in the name of IRCTC.
As of now, IRCTC has a total user-base of 39 million, and sells 500,000 tickets every month, with 50 million daily visitors, according to its stats listed on its website. If the alleged hack turns out to be legitimate, it could potentially be the biggest data breach in India’s Internet history.
Currently, it is in damage control mode, and responding to every mention of the alleged data breach on the micro-blogging site, Twitter.
Explaining the importance of measures to counter such attacks, Sudeep Das, SE Manager – India and SAARC for RSA says, “The traditional Web Application Firewall technologies needs to be augmented with Behavioral Intelligence to hunt these attacks in real time and respond to them quickly. Need of the hour is to detect quickly and respond even quicker before there is a major damage to business.”