The government penalized the RailYatri app custodian company for data leaks, and the app was restored after taking necessary security measures. Parliament was informed on Wednesday. Minister of State for Electronics and IT Rajeev Chandrasekhar, in a written reply to the Lok Sabha, said that IRCTC took action on the RailYatri app following information shared by CERT-In in December 2022.
“As per information furnished by the Indian Railway Catering and Tourism Corporation (IRCTC), upon receipt of information from CERT-In in December 2022 regarding leakage of data acquired and maintained by the RailYatri app, the ticket-booking facility on the RailYatri app was stopped, a penalty was imposed on the company that is the custodian of the RailYatri app, and the app was restored after taking necessary security measures,” he said.
The minister said that a total of 10, 5, and 7 incidents of data leaks related to government organizations were reported for the years 2020, 2021, and 2022, respectively. The minister said that CERT-In had issued directions under Section 70B in April 2022 for the mandatory reporting of cyber incidents to CERT-In within six hours of such incidents being noticed or brought to its attention.