In a significant cybersecurity breach, the personal information of about 1.5 million people linked to the Tata-owned Taj Hotels group has potentially been exposed. The cybercriminal, known as “Dnacookies,” is asking for a $5,000 ransom for the dataset, which reportedly contains addresses, membership IDs, mobile numbers, and other personally identifiable information (PII).
What Happened? Indian Hotels Company Ltd (IHCL), which operates the Taj Group, acknowledged the situation. A spokesperson emphasized the company's commitment to customer data security, stating that the data is of non-sensitive nature, in a statement shared with the Economic Times.
The hacker claims the compromised data spans from 2014 to 2020 and has not yet been shared with anyone. They’ve set three specific conditions for any potential deal, including the involvement of a middle person with admin status on the hacking forum.
This breach was first brought to ET’s attention by a security researcher and later verified on the black hat hacking cybercrime marketplace, BreachForums, where Dnacookies posted a sample of the data.
See also: India Loves iPhones But Gives Macs and iPads Cold Shoulder: Report
The recourse? IHCL is actively investigating the claim and has informed the relevant authorities, including the Indian Computer Emergency Response Team (CERT-In), which is also reportedly aware of the breach. Despite the breach, IHCL assures no ongoing security issues or operational impact.
The data also doesn’t seem to include any highly sensitive government-issued IDs like Aadhaar. The data is also likely to be from an old hack, as the records date back to 2014-2020 and include data points from India, the US, Europe, and Iran.
Read next: India Made 19,600 Takedown Requests To Google In The Last 10 Years: Report
Don't miss a beat on the share market. Get real-time updates on top stock movers and trading ideas on Benzinga India Telegram channel.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.