Taj Hotels group, owned by Tata, reportedly experienced a data breach that resulted in the exposure of over 1.5 million client records.
A malicious actor going under the pseudonym “Dnacookies” has reportedly requested $5,000 (about INR 4.16 lakh) as ransom for the entire dataset, according to an ET report. As per close sources, it contains addresses, membership IDs, mobile numbers, and other personally identifiable information.
Prior to requesting a ransom, the threat actor maintained three criteria and asserted that the customer data had not yet been revealed to anyone. The threat actor’s first demand was for there to be an administrator on the forum, acting as a middleman during any trade negotiations. According to the business daily, it was made clear that there would be no data splitting and that no further data samples would be sent.
“We have been made aware of someone claiming possession of a limited customer data set, which is of non-sensitive nature,” Indian Hotels Company Ltd (IHCL) spokesperson said in a statement.
The hotel chain acknowledged that the Indian Computer Emergency Response Team (CERT-In) and cybersecurity watchdog are aware of the issue.
The representative emphasized that the company places the utmost priority on the safety and security of its customers’ data. “We are looking into this claim and have notified the appropriate authorities,” the spokesman stated.
The representative went on to say that the hotel group is constantly keeping an eye on its systems and that there is no indication of any continuing or present security risks that could affect business operations.
