Tata-owned Taj Hotels group has suffered a data breach that has exposed information of over 1.5 million customers, according to a news report.
According to a report from CNBC-TV18, a bad actor going by the handle, “Dnacookies” has demanded a sum of $5,000 (about Rs 4.16 lakh) as ransom for the full dataset. It apparently includes addresses, membership IDs, mobile numbers and other personally identifiable information, according to sources close to the publication.
“We have been made aware of someone claiming possession of a limited data customer data set, which is non-sensitive in nature,” A spokesperson for the Indian Hotels Company Ltd. (IHCL), which manages the Taj Group, told CNBC-TV18.
The bad actor claimed the data set contains data from the 2014-2020 period and has not been disclosed anywhere till now. The Economic Times has reviewed the breach post on hacker forums, which was published on November 5. The bad actor also provided a sample containing one thousand rows of unique entries.
The IHCL spokesperson said the company is, “investigating this claim and has notified the relevant authorities”, adding that it will continue to “monitor its systems”.
The source CNBC-TV18 spoke to said the Indian Computer Emergency Response Team (CERT-In) was also aware of the breach and is investigating the matter.
The bad actor has supposedly made three demands – 1) There needs to be a middle-man for any negotiable deal. 2) There will be no splitting of data, it will either be all or nothing and 3) No additional samples of the data will be provided.
