IRCTC Email Hacked: Fake Complaints Sent, FIR Registered

The Indian Railway Catering and Tourism Corporation (IRCTC) has reported a serious cybersecurity breach involving unauthorized access to two of its official email accounts. An FIR was lodged on Saturday at the Gomti Nagar police station in Lucknow, following a formal complaint by IRCTC officials, who alleged that the compromised emails were used to send fake complaints to government authorities.

The complaint was filed by Navneet Kumar, Manager at IRCTC’s Lucknow office, who flagged two separate incidents involving email IDs — [email protected] and [email protected]. These accounts, part of IRCTC’s official communication system, were allegedly misused in March and April 2025.

Timeline of the Incidents

• First breach: March 13, 2025, at 4:53 PM
• Second breach: April 28, 2025, at 12:22 PM

In both instances, emails were reportedly sent in the name of IRCTC to various government departments, containing false complaints that misrepresented the organization.

Internal Probe and Security Concerns

IRCTC’s IT Cell immediately initiated an internal probe, compiling a technical report based on server logs, access times, and internal network audits. The report, now with the police, includes:

• Logs of all activity during the suspected breaches
• A list of personnel present in the office during the incidents
• Potential vulnerabilities that may have been exploited
• Initial IP traces and system access patterns

According to Navneet Kumar’s statement in the complaint, “The misuse of these official emails not only disrupts day-to-day functioning but also damages IRCTC’s reputation and credibility.”

He also warned that, given IRCTC’s critical role in managing passenger services and food operations across the Indian Railways, such unauthorized activities could pose a potential threat to national security.

Police Action and Legal Provisions

Station House Officer (SHO) Brijesh Chandra Tiwari of Gomti Nagar confirmed that an FIR has been registered under relevant sections of the Information Technology Act. The case has been filed against unknown individuals, and an investigation is underway.

Speaking to the media, ADCP East Zone Pankaj Singh stated: “Efforts are underway to trace the IP addresses and digital footprints involved in the misuse. We are not ruling out either internal access or an external cyber intrusion at this point.”

Possible Motives and Threat Implications

The complaint raises the possibility that antisocial elements may have exploited IRCTC’s email infrastructure for malicious purposes, including:

• Spreading misinformation in the name of a government body
• Sabotaging official communications
• Data theft and system exploitation
• Breach of confidential internal or government-level information

The incident has sparked concerns about cybersecurity preparedness in public sector undertakings, especially those that manage large-scale operations and sensitive data.

Location and Operational Context

The affected IRCTC office is located on the second floor of Paryatan Bhawan, Vibhuti Khand, Gomti Nagar, a key administrative and commercial area in Lucknow. The office handles regional operations, including tourism and catering services under the IRCTC umbrella.

A Wake-Up Call for Cyber Hygiene

The unauthorized use of IRCTC’s official email IDs has raised concerns not only about organizational cybersecurity practices but also about the growing threat of insider involvement or loopholes in digital infrastructure.

As investigations continue, the case serves as a reminder for public institutions to bolster IT protocols, conduct regular audits, and establish strict access controls for official communication channels.