This Article is From May 07, 2016

IRCTC Data Not Leaked, Everything Safe: Officials

IRCTC Data Not Leaked, Everything Safe: Officials

The report of possible theft of data from IRCTC ticketing website came to light on May 2.

Highlights

  • Central Railway and Western Railway dismiss reports of data leak
  • Railways had formed a panel to check possible theft of data
  • There were rumours about an alleged leak of e-mails and mobile numbers
Mumbai: Central Railway (CR) and Western Railway (WR) officials on Friday dismissed reports about leak of database from Indian Railway Catering and Tourism Corporation (IRCTC) e-ticketing system and said everything is "safe and secure".

In a joint press conference at the CR headquarters in Mumbai, top officials from both the divisions said the IRCTC database is in safe custody.

"Our preliminary reports have found no hacking nor any leakage on IRCTC ticketing website and everything is safe and going on smoothly," General Manager of Central Railway, S K Sood, said.

Railways has constituted a committee comprising IRCTC and Centre for Railway Information Systems (CRIS) officials on May 3 to check the possible theft of data.

"Our preliminary investigation has also found there has been no unauthorised interference and all the system checks are well in place," Mr Sood said, adding investigations are still on and railway officials were in touch with the Mumbai police.

The e-ticketing system is managed in-house by CRIS, the IT arm of Indian Railways. The data centre is on the premises of CRIS, headquartered in Delhi.

Arvind Malkhede, group general manager of western zone of IRCTC said no complaint or FIRs have been filed in this regard.

"Neither in Delhi nor here in Mumbai, no complaint or FIR has been filed. However we are cautiously looking into the issue," Mr Malkhede said, adding the security system has been reviewed recently and they are still monitoring it.

He was replying to a query about reports citing cyber officials in Maharashtra regarding alleged leak of e-mail and mobile numbers from user profile with IRCTC ticketing system.

According to Railways, the report of possible theft of data came to light on May 2 and a thorough investigation was carried out.

The data of e-ticketing system can be broadly divided into two categories - sensitive information like debit/credit card details, login ID, passwords, which could cause potential financial risk. PAN card detail is not required for booking e-ticket.

"No sensitive data have been leaked. Till now, leak of data through none of the service providers of IRCTC has been established," Ravindra Bhakar, WR chief spokesperson, said.

The officials urged the registered users to keep resetting their passwords time to time.
.