In what could be the biggest hack in India’s internet history, with the personal details of more than 1 crore people on stake, the e-ticketing portal of the Indian Railway Catering and Tourism Corporation (IRCTC) is feared to have been hacked on Tuesday night.
Officials suspect the massive data hacking may have involved personal information of users including PAN card numbers, Aadhaar card details, email ids and mobile numbers — immensely valuable set of information for telemarketing companies in the digital age.
“We cannot comment until we have seen the data that has been leaked. We will be able to substantiate any claim of data hack or theft only after we have seen the data and checked whether it belongs to the IRCTC website or some other source,” said a senior IRCTC official.
Despite the seriousness of this incident, there seems to be a lot of confusion on whether there has actually been a hack. While reports claim that the site has been hacked, IRCTC PRO Sandip Dutta has refuted the media reports. “There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter,” Dutta told IndianExpress.
Since 2012, there have been several 10 instances of government sites hacked. These include websites for the Border Security Force, DRDO, Press Club of India, and the Indian revenue Service among others. Several government websites have been hacked as well, and last year, Ravi Shankar Prasad revealed that since 2012 more than 700 government websites hosted under ‘gov.in’ and ‘nic.in’ domains had been hacked. Fortunately, these websites only contained public information and no sensitive data.
Last year, the Ministry of Railways reportedly spent over 100 crores in updating the website. However, according to sources at CRIS, the focus was more on increasing the speed of the ticketing process than amping up security firewalls.