How a free travel insurance offer on the Indian Railways website left data of 200,000 passengers exposed to hackers for two years
- The Indian Railway Catering and Tourism Corp’s (
IRCTC) website, used to book railways tickets digitally, exposed data of 200,000 users.
- The railway department was unaware of the bug for the past two years in a massive
- Although, the bug has been fixed but it is still not known if the information was stolen by any hackers.
The website glitch involving a free travel insurance policy of railways could have given hackers unauthorised access to personal information of the traveler including name, age, gender and insurance nominees, according to the report.
The incident began in 2016 when Indian Railway Catering and Tourism Corp’s (IRCTC) launched a provision of free travel insurance for people who used its website or mobile application to book train tickets. The provision permitted users to avail insurance coverage through third-party insurers, risking their their personal details in return because of the bug.
Neither the Railways nor any other government organisation was aware of the vulnerability until Avinash Jain, a security researcher, identified the bug and alerted IRCTC in August this year. According to Economic Times, the issue was acknowledged and fixed by Indian Railways soon after the researcher warned the railways about the bug.
Jain claimed that he was able to fetch data of around 1,000 passengers in just ten minutes.
To be sure, it is unclear if the data risked by IRCTC has been improperly accessed or misused by any cyber attacker.
The risks of digital?
According to IRCTC’s annual report 2016-17, 62% of the reserved railways tickets in India are booked online. Additionally, more than 570,000 tickets are booked using the website or mobile application. Given the significant amount of passenger information IRCTC hold, the glitch would have resulted in a massive data breach.
And while the rapidly-changing IT-infrastructure has eased many government operations but it has also, in some cases, resulted in higher cyber security threats.
AdvertisementCyber attacks have been on the rise in India and the Indian government is expecting a further increase in number of attacks in 2018, said a recent report by the Hindustan Times.
The Computer Emergency Response Team (CERT) which monitors the cyber security incidents in India have reported 53,081 cases of cyber threats in India, reported Economic Times.
According to CERT, In 2017, there were over 53,000 cyber attacks in India. Whereas, the cases reported in 2016 were around 50,000.
A recent study by F-secure claimed that India witnessed over 695,000 cyber attacks in just six months.
The Indian government, for its part, has said it is planning to revise its cyber security policy to deal with cyber attacks and protect sensitive information.
Popular on BI
- Gold and silver jewellery to get a lot more expensive
- Indian tycoon Gautam Adani has abandoned a $2.5 billion fundraising effort in his latest setback following a short seller attack on his business empire
- It's been a very bad month for Indian billionaires — four of the richest Indians have collectively lost about $45 billion in 2023
- Budget to aid flagging affordable home segment, boosts demand with infra push
- BYJU's slashes over 1,000 jobs, mostly from its engineering teams
- Budget 2023-24: Positive for infra and credit growth
- Budget 2023-24: Continued focus on infra to enable growth, create jobs & enhance quality of life
- Budget 2023 proposes 20% TCS on foreign expenses under LRS