In recent news, Taj Hotels, a subsidiary of Indian Hotels Company Ltd, has experienced a significant cyber-attack, leading to the compromise of personal information belonging to over 1.5 million customers. The leaked data includes sensitive details like addresses, membership IDs, mobile numbers, and other Personal Identifiable Information (PII) from 2014 to 2020.
It is surprising that Taj Hotels, now owned by the Tata Group, had retained such sensitive information, as Indian government guidelines strictly prohibit businesses in the hospitality sector from storing sensitive data like dates of birth and banking details. The motive behind holding this PII remains unclear.
The Indian Computer Emergency Response Team (CERT-IN) is actively investigating the cyber breach to understand its scope and impact. In response, IHCL has released a statement emphasizing its commitment to protecting customer details. They have engaged forensic specialists to conduct a thorough investigation into the breach.
This cyber-attack involves a threat actor known as “DNA Cookies,” who has demanded a ransom of $5000 for the release of the stolen data. Interestingly, the threat actor has demanded payment for the entire dataset, rather than providing a sample to verify the authenticity of the compromised information. The stolen data has also been published on BreachForums, accessible only through the dark web, and Taj Hotels’ IT staff has been instructed to communicate through a designated member on the forum.
As the investigation continues, more details about the extent and repercussions of the cyber-attack are eagerly awaited.
Key Points:
1. Taj Hotels, a subsidiary of Indian Hotels Company Ltd (IHCL), experienced a cyber-attack compromising personal information of over 1.5 million customers.
2. The leaked data includes addresses, membership IDs, mobile numbers, and other sensitive information from 2014 to 2020.
3. Indian government guidelines prohibit the retention of sensitive information by businesses in the hospitality sector.
4. The Indian Computer Emergency Response Team (CERT-IN) is actively investigating the breach.
5. IHCL has engaged forensic specialists to conduct a thorough investigation and protect customer details.
6. The cyber-attack involves a threat actor named “DNA Cookies” who has demanded a $5000 ransom for the stolen data.
7. The stolen data has been published on BreachForums accessible only through the dark web.
8. Taj Hotels’ IT staff has been instructed to communicate through a designated member on the forum.
9. Further details about the extent and impact of the cyber-attack are expected to emerge as the investigation progresses.