Indian Railways Tightens Cyber Defences, Deactivates 30.3 Million Suspicious User IDs In 2025

India’s railways ministry said on Friday it deactivated 30.3 million suspicious user IDs in 2025 and blocked 60.43 billion malicious bot requests in the six months to December 2025 as part of a multi-layer cybersecurity and anti-fraud drive to protect its online ticketing system. The ministry said the reservation and e-ticketing platform of Indian Railways operates with industry-standard cybersecurity controls and has rolled out Aadhaar-based authentication, application-level safeguards, network security systems and administrative checks to curb fraud, particularly in time-sensitive Tatkal bookings.

To prevent misuse of Tatkal ticketing, Indian Railways introduced Aadhaar-based one-time password authentication for online bookings, which it said ensures instant verification of user uniqueness and restricts the creation and operation of fake or agent-controlled multiple accounts. The measure has helped prevent automated misuse and improved ticket availability and transparency for genuine passengers, the ministry said.

At the application layer, the system deploys multi-level CAPTCHA mechanisms to prevent scripting, brute-force attacks and distributed denial-of-service attacks, alongside security controls aligned with Open Web Application Security Project standards. To reduce system load and malicious traffic, Indian Railways has implemented a content delivery network to offload static content and deployed anti-bot solutions such as Akamai to filter non-genuine users, while protecting the platform through multiple layers including network firewalls, intrusion prevention systems, application delivery controllers and web application firewalls.

At the network and infrastructure level, the entire ICT system operates in high-availability mode and is protected by data-centre-grade security equipment. The ministry said the platform is shielded from volume-based DDoS attacks through multiple internet service providers with an aggregated mitigation capacity of nearly 30 Gbps, and is supported by enterprise-grade CDN, anti-bot, secure DNS and web application firewall services for threat mitigation and performance optimisation.

For cyber-threat intelligence, Indian Railways has engaged RailTel to undertake deep-dark web monitoring, digital risk protection and enhanced incident response. The ticketing system is hosted at a captive data centre in Chanakyapuri, New Delhi, secured through restricted physical access and CCTV surveillance, and the facility is ISO 27001 certified, the ministry said.

For monitoring and audits, the system is integrated with CERT-In under its Threat and Situational Awareness Project for round-the-clock surveillance of security incidents. CERT-In has also deployed its “Madhu-Sanjal” honeypot sensor to study attacker behaviour and intrusion attempts, while security logs are continuously monitored by on-premises teams.

Administrative anti-fraud measures included rigorous revalidation and verification of user accounts, leading to the deactivation of 3.03 crore suspicious user IDs in 2025, the ministry said, adding that 12,819 suspicious email domains were blocked during the year. Authorities lodged 376 complaints on the National Cyber Crime Portal linked to 3.99 lakh suspicious bookings, while internet traffic related to ticketing is continuously monitored by CERT-In and the National Critical Information Infrastructure Protection Centre to detect and prevent cyber attacks.

The ministry said that in the last six months of 2025, bot traffic accounted for 7.25 billion of 14.28 billion requests in December, 14.03 billion of 20.07 billion in November, 17.00 billion of 24.04 billion in October, 12.05 billion of 19.04 billion in September, 5.07 billion of 11.04 billion in August and 5.03 billion of 9.06 billion in July. The information was provided by Ashwini Vaishnaw, who holds charge of railways, information and broadcasting, and electronics and information technology, in a written reply to the Rajya Sabha.