Taj Hotels’ data breach may have exposed 1.5 million: source
data breach at the Tata-owned Taj Hotels group earlier this month, ET has learnt.
A threat actor, who goes by the name "Dnacookies", has demanded $5,000 for the full dataset, which includes addresses, membership IDs, mobile numbers and other personal identifiable information (PII), according to people aware of the matter.
Elevate Your Tech Prowess with High-Value Skill Courses
Offering CollegeCourseWebsiteIndian School of BusinessISB Product ManagementVisitIIT DelhiIITD Certificate Programme in Data Science & Machine LearningVisitIndian School of BusinessISB Digital TransformationVisit“We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature," a spokesperson for Indian Hotels Company Ltd (IHCL), which runs the Taj Group, said. “Safety and security of our customers’ data is of paramount importance to us.”
The threat actor said the breached customer data is of the 2014-2020 period and has not been disclosed to anyone till now.
The threat actor has also mentioned three requirements for any deal.
ET was made aware of this first by a security researcher who did not want to be named. ET has reviewed the breach post that was published on November 5 on the black hat hacking cybercrime marketplace BreachForums, where the threat actor provided a sample containing 1,000 rows of unique entries.
The IHCL spokesperson said company executives are «investigating this claim and have notified the relevant authorities». IHCL continues to «monitor its systems» and «there is no suggestion of any current or ongoing security issue or impact on business operations”, the spokesperson said.
The source ET spoke with said the Indian Computer Emergency Response Team (CERT-In) is
