While earlier reports pointed out stating that the Indian Railway Catering and Tourism Corporation’s (IRCTC) website was hacked, turns out, it was not. The IRCTC themselves have come out stating that their website was not hacked, but that some data in the name of IRCTC is in circulation.
“Things like security breaches are already happening all year round. It’s not something new. The sad part is that companies, be it public or private, are not prepared to handle anomalies like this and it’s just a matter of what gets reported when. In case of IRCTC, there is a serious gap in planning that needs to be plugged. They cannot afford to get complacent about matters of security.”
“IRCTC keeps talking about improving experience, but there is hardly any mention of the security aspect of the website. Security attacks are ever-changing – it’s a moving goal post. The only way to address it is regular auditing of product, people and processes. Companies cannot afford to let go once they have set up a website, new technology and defence systems need to be put in place regularly. This holds especially true for IRCTC where the scale of impact is so huge,” shares Gogia.