There have been several media reports stating that India’s largest e-commerce platform to book train tickets, Indian Railway Catering and Tourism Corporation (IRCTC) website being allegedly hacked.

The reported data theft will affect more than three crore registered users, who regularly use the IRCTC website to book train tickets. User data including email IDs, mobile numbers, Aadhaar Cards, and Pan Card details is feared to be stolen.

IRCTC website allegedly hacked, Data theft reported - PRO denies it

Somebody can create forged documents on the basis of the stolen data. The data is a valuable asset and can be sold to corporations who may use it for targeting potential consumers” according to a statement from IRCTC official to Times of India.

Government officials and IRCTC’s Public Relations Officer Sandip Dutta has asserted that no hacking attempt has been made on the IRCTC website and all user data are safe.

There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter” said Sandip Dutta to Indian Express. “We have requested the cyber cell to give us details of the so-called data theft” he added.

IRCTC’s official twitter handle has denied the hacking report and been tweeting to users queries regarding it.

An enquiry is being conducted by a high-level committee regarding alleged data theft and also Delhi police’s cyber cell has been asked to probe the matter.

IRCTC is India’s biggest e-commerce player with around 2.5 crore active users. Developed by the Centre for Railway Information Systems (CRIS) under the Ministry of Railways manages all IT applications of Indian Railways.

Update (6th May 2016) –

IRCTC has issued a statement regarding the hacking report on its website, that says –

There is no truth in news reports about user data hacking from IRCTC website. Please note that IRCTC does not store user’s bank/card credentials. User credentials are completely safe on IRCTC website.
The committee in its preliminary report has not found any indication of breach of security in any of the databases of the e-ticketing system. Further investigations by the committee is in progress and once the purported leaked data is made available, checks will be conducted.

Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services. Till now, leakage of data through none of the service providers of IRCTC has been established