Taj Hotels Faces Data Breach Exposing Information of 1.5 Million Customers
Taj Hotels, owned by Tata, has experienced a data breach affecting over 1.5 million customers. A bad actor using the handle “Dnacookies” has reportedly demanded a $5,000 ransom for the complete dataset, which is said to include addresses, membership IDs, mobile numbers, and other personally identifiable information.
The breach is claimed to cover data from the period 2014 to 2020. The hacker, in a post on hacker forums, provided a sample with one thousand rows of unique entries.
The source CNBC-TV18 spoke to said the Indian Computer Emergency Response Team (CERT-In) was also aware of the breach and is investigating the matter. The bad actor has supposedly made three demands – 1) There needs to be a middle-man for any negotiable deal. 2) There will be no splitting of data, it will either be all or nothing and 3) No additional samples of the data will be provided.
The Indian Hotels Company Ltd. (IHCL), which manages the Taj Group, stated that the compromised dataset is non-sensitive in nature. The Indian Computer Emergency Response Team (CERT-In) is reportedly investigating the breach. The hacker has specified conditions for negotiation, including the involvement of a middleman and no provision of additional data samples.