The Indian Railways’ online ticketing site has a reputation for being unreliable and difficult to use, but today, it’s sunk to a new low.
India Today reports that the Indian Railways Catering and Tourism Corporation (IRCTC) site was hacked and roughly 10 million users’ details, including phone numbers and dates of birth were stolen.
What’s worse is that IRCTC officials said that the data has been sold for a mere Rs. 15,000 ($225).
The state government is said to have identified the hackers involved in the incident, but at the time of writing, there were no announcements concerning their arrest.
Meanwhile on Twitter, IRCTC has been denying that its systems were breached.
@NewsWorldIN IRCTC website has not been hacked. Enquiry is being conducted regarding alleged data sale.
— IRCTC (@IRCTC_Ltd) May 5, 2016
It’s hard to know for sure if the site was indeed hacked or if the data theft was carried out by someone on the inside at IRCTC. However, there’s reason to believe that the transport organization’s networks aren’t secure.
Only last week, it came to light that a man in the north Indian state of Uttar Pradesh had hacked the site and used custom software to generate fake tickets in order to scam travelers.
Such incidents of cyber crime involving the theft and sale of user data are becoming all too common of late, and they’re putting people’s lives at risk for very little in return. Yesterday, a security firm revealed that it had received 272 million records for accounts held at email providers like Hotmail, Yahoo and Gmail, from a hacker who wanted less than $1 for the lot.
We’ve contacted IRCTC and the Maharashtra Cyber Crime Cell for comment and will update this post if there’s a response.
Read next: The banks of Google, Facebook and Amazon