The government has fined the RailYatri app custodian company over a data leak and the app has been restored after taking necessary security measures, Parliament was informed on Wednesday.
Minister of State for Electronics and IT Rajeev Chandrasekhar said in a written response to the Lok Sabha that the IRCTC took action against the RailYatri app after information was submitted by CERT-In in December 2022.
“According to information provided by Indian Railway Catering and Tourism Corporation (IRCTC), after receiving information from CERT-In in December 2022 regarding the leak of data collected and maintained by RailYatri app, the ticket booking function in RailYatri app has been discontinued, the company that manages the RailYatri app has been fined and the app has been restored after the necessary security measures were taken,” he said.
The minister said that for the years 2020, 2021 and 2022, a total of 10, 5 and 7 incidents of data leaks related to government organizations were reported.
“According to information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), a total of 47 incidents of data leakage and 142 incidents of data breaches have been reported over the past five calendar years,” Chandrasekhar said.
The minister said that in April 2022, CERT-In issued Section 70B instructions for mandatory reporting of cyber incidents to CERT-In within six hours of such incidents being noticed or brought to attention.
He said that in December 2022, CERT-In also issued a specific recommendation on best practices to improve the resilience of health care facilities and asked the Department of Health and Family Welfare to disseminate this to all authorized health care facilities and service providers in the country to improve cybersecurity.