UPDATE: 3:58 p.m. IST — The preliminary investigation into the alleged hacking of the Indian Railway Catering and Tourism Corporation (IRCTC) website has not revealed "any indication of breach of security in any of the databases of the e-ticketing system," IRCTC spokesperson Sandip Dutta told International Business Times, India, in an emailed statement on Thursday.
Indian Railways had set up a committee of IRCTC and the Centre for Railway Information System (CRIS) officials to look into the alleged leakage of email IDs and mobile numbers from user profile data of IRCTC e-ticketing system, said the statement.
"As soon as the matter came to notice of Railways on 02/05/2016, thorough investigations were conducted to detect veracity of the news, however, no such incident has been detected by the technical teams [sic]" of CRIS and IRCTC, it added.
"The committee in their preliminary report has not found any indication of breach of security in any of the databases of the e-ticketing system. Further investigations by this committee is in progress and once the purported leaked data is made available, further checks will be conducted, [sic]" it said.
Original Story —
Personal details like email address, PAN Card number, phone number and date of birth of at least 1 crore people are suspected to have been stolen from the Indian Railway Catering and Tourism Corporation (IRCTC) website that was reportedly hacked. The raiwlays, however, said it cannot confirm the hacking as a probe in this regard is still underway.
A team of six officials from IRCTC and the Centre for Railway Information System launched an investigation after Inspector-General of Police, Maharashtra Cyber Cell, alerted the Chief Commercial Manager of Western Railway about the hacking, Daily News & Analysis reported.
The Centre for Railway Information Systems, a part of the railway ministry, handles the IRCTC website.
An India Today report said an IRCTC official has confirmed to the channel the hacking, and the railways fears the stolen personal information were being sold in a CD for Rs. 15,000.
The Maharashtra government identified the hackers and informed the Railways and IRCTC about the development, according to India Today.
"Three days ago, IB cyber cell, Mumbai informed us that some data in the name of IRCTC is in circulation. We set up a committee which is probing this," CNN-News18 quoted IRCTC spokesman Sandip Dutta as saying.
"Railway board is waiting for a copy of the date to be shared by Cyber Cell, only then can we ascertain if it was indeed our data. So far, it has not been established. Probe is on. Website is absolutely fine," Dutta said.
Information like the PAN Card numbers, if stolen, could be reportedly used misused. "Somebody can create forged documents on the basis of the stolen data," the Times of India quoted a senior railway official as saying.
"The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers," an IRCTC source told TOI.
Although personal information like phone numbers and email IDs can be compromised, it will not be possible to retrieve credit card or bank data from the website as the transactions happen on payment gateways that are not part of the website, Mumbai Mirror quoted its sources as saying.