The main website used by passengers all over the country to book train tickets has not been hacked, top officers told NDTV today, conceding that data of customers may, however, have been sold.
The website of the Indian Railway Catering and Tourism Corporation (IRCTC), a subsidiary firm of the Indian Railways, sees hundreds of thousands of transactions every day - including at least five lakh ticket sales for train journeys - making it one of the biggest e-commerce destinations in the country. It tweeted NDTV's Hindi news channel, NDTV India, to say that it's looking into whether data was sold.
@ndtvindia IRCTC website has not been hacked. Enquiry is being conducted regarding alleged data sale.— IRCTC Ltd. (@IRCTC_Ltd) May 5, 2016
The railways site has three crore active and registered users, which means information like their bank accounts and credit cards can theoretically be exploited. However, a statement from the ITCTC said sensitive data including passwords is encrypted and there is no indication of "breach of security in any of the databases of the e-ticketing system".
Officials also said the website is functioning properly, with passengers being able to book tickets online.
Yesterday, the Cyber Cell of the Mumbai police informed the Railways that a large volume of data from its website was stolen.
"We asked the Cyber Cell to provide us with the data that they claim belongs from our website. Once we have the data, proper verification would be conducted," Mr Dutta said, adding that a committee with six members is looking into the scandal.