The Tata-owned Taj Hotels Group suffered a data breach that exposed the information of more than 1.5 million customers, a news report said.
According to a report by CNBC-TV18, a bad actor going by the handle, “Dnacookies” demanded $5,000 (roughly Rs. 4.16 lakh) as ransom for the entire dataset. This apparently includes addresses, membership IDs, mobile numbers and other personally identifiable information, according to sources close to the publication.
“We have been made aware that someone is claiming possession of a limited customer data set, which is non-sensitive in nature,” a spokesperson for Indian Hotels Company Limited (IHCL), which runs the Taj Group, told CNBC-TV18. .
The bad actor claims that the data set contains data from the period 2014-2020 and has not been published anywhere until now. The Economic Times reviewed the breach post on a hacker forum, which appeared on November 5. The bad actor also provided a sample containing a thousand rows of unique entries.
An IHCL spokesperson said the company was “investigating the claim and has informed the relevant authorities”, adding that it would continue to “monitor its systems”.
Sources told CNBC-TV18 that the Indian Computer Emergency Response Team (CERT-In) was also aware of the breach and is investigating the matter.
The bad actor supposedly makes three demands – 1) Any negotiable contract needs to have a middle-man. 2) There will be no partitioning of the data, it will be either all or nothing and 3) no oversampling of the data will be provided.