RailYatri penalised for data leak, app restored after security measures

New Delhi: The government penalised the RailYatri app custodian company for a data leak and the app was restored after taking necessary security measures, Parliament was informed on Wednesday.

Minister of State for Electronics and IT Rajeev Chandrasekhar in a written reply to the Lok Sabha said that IRCTC took action on the RailYatri app following information shared by CERT-In in December 2022.

”As per information furnished by the Indian Railway Catering and Tourism Corporation (IRCTC), upon receipt of information from CERT-In in December 2022 regarding leakage of data acquired and maintained by RailYatri app, the ticket-booking facility on RailYatri app was stopped, penalty was imposed on the company which is the custodian of the RailYatri app, and the app was restored after taking necessary security measures,” he said.

The minister said that a total of 10, 5 and 7 incidents of data leak related to government organisations were reported for the years 2020, 2021 and 2022 respectively.

”As per the information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), a total of 47 incidents of data leak and 142 incidents of data breach were reported during the last five calendar years,” Chandrasekhar said.

The minister said that CERT-In, in April 2022, had issued directions under section 70B for mandatory reporting of cyber incidents to CERT-In within six hours of such incidents being noticed or being brought to notice.

He said that the CERT-In had also issued a special advisory in December 2022 on best practices to enhance the resilience of health sector entities, and has requested the Ministry of Health and Family Welfare to disseminate the same to all authorised medical care entities and service providers in the country to enhance cyber security.