There is no hacking nor any leakage of IRCTC ticketing website and everything is safe, Railway Board Member (Traffic) Mohd Jamshed told PTI.
He was replying to a query about reports citing cyber officials in Maharashtra regarding alleged leak of email and mobile numbers from user profile data of IRCTC e-ticketing system.
He said the security system has already been reviewed twice in the recent past.
Railways constituted a committee comprising cyber experts and vigilance officials from IRCTC and Centre for Railway Information Systems (CRIS) on May 3 to check the possible theft of data and found no such case.
More From This Section
The e-ticketing system is managed in-house by CRIS, the IT arm of Indian Railways. The data centre is in the premises of CRIS.
According to Railways, the report of possible theft of data came to light on May 2 and a thorough investigation was carried out to ascertain its veracity.
However, no such incident was detected by technical teams of CRIS and IRCTC.
The data of e-ticketing system can be broadly divided into two categories - sensitive information like debit/credit card details, login ID, passwords, which could cause potential financial risk. PAN card detail is not required for booking e-ticket.
It is clarified that other data like mobile numbers and email ids is available with a large number of electronic service providing entities such as e-commerce firms and telemarketers.
Email and mobile numbers have to be shared with service providers for providing catering services, cab services, hotel bookings, SMS services etc. Till now, leak of data through none of the service providers of IRCTC has been established.
According to IRCTC, about 5.48 lakh tickets were booked
in a single day in April, 2016 with 2.66 lakh peak concurrent users which means about 13,600 tickets were booked per minute.
According to railways, each component has been checked and none of them has been found to have any unusual activity. Technical investigations have also not indicated any unusual activity with respect to various system components.
The IT security of e-ticketing system is ensured through regular security audits by Standardization Testing Quality Certification (STQC) Directorate of Department of Electronics and IT.
IRCTC CMD AK Manocha said auditing is an ongoing process and security audit of e-ticketing system is undertaken biannually.
"24x7 monitoring of the system is done throughout the year by technical team of experts. Strict physical checks are already in place in the data centre like restricted access to data centre, CCTV cameras at entry and exit points of data centre," Manocha said.