The e-ticketing portal of the Indian Railways has been hacked, exposing the personal data of its customers, The Times of India reported on Thursday. “The data is a valuable asset and can be sold to corporations,” the paper quoted a source in the Indian Railway Catering and Tourism Corporation Limited as saying.

The IRCTC strongly denied the Times report. Its Public Relations Officer Sandip Dutta maintained there has been “no hacking attempt on the site” and “a high-level committee has been formed to probe the matter”.

According to the Business Standard, the Railway Board, which manages Indian Railways, has instituted a six-member panel of experts to investigate if there has been any data theft and if that information belongs to the “IRCTC website or some other source”.

If the hack is proven true, newspapers say, the personal data of around 1 crore customers – such as PAN card numbers, Aadhaar card details, email addresses and mobile numbers – could be at risk. IRCTC is India’s largest e-commerce website, handling lakhs of transactions a day.

Railway Minister Suresh Prabhu and the Ministry of Railways didn’t comment on the alleged hack on Twitter. But that didn’t stop Twitterati from using the news to roast the IRCTC site for its poor services.