Tata group hospitality company Indian Hotels Company Ltd has said that it is investigating claims of a data breach, but asserted there is no suggestion of any current or ongoing security issue. According to a report in Economic Times, personal details of about 1.5 million people may have been compromised in a data breach at the Tata-owned TajHotels group earlier this month.Indian Hotels Company Ltd (IHCL) runs a number of hospitality properties under the Taj, SeleQtions, Vivanta, and Ginger, among others. Indian Computer Emergency Response Team (CERT-In), the official cybersecurity agency, too is said to be aware of the breach.
What IHCL said
“We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature,” Indian Hotels Company Ltd (IHCL) spokesperson said in a statement. Asserting that safety and security of customers’ data is of paramount importance to the company, the spokesperson said, “We are investigating this claim and have notified the relevant authorities.”
The spokesperson further said, “We continue to monitor our systems and there is no suggestion of any current or ongoing security issue or impact on business operations.”
What is the ransom sought
A threat actor going by the name ‘Dnacookies’ has demanded $5,000 for the full dataset, which includes addresses, membership IDs, mobile numbers and other personally identifiable information (PII), according to people aware of the matter. The customer data is from 2014 to 2020.
We reviewed the breach post published on November 5 on the black hat hacking cybercrime marketplace BreachForums, where the threat actor provided a sample containing 1,000 rows of unique entries.
Conditions laid down by the hackers
According to the report, the hackers have set three conditions for any deal:
* A negotiator is required to reach a consensus and the person should be an administrator on the forum.
* No splitting of data will be allowed; it’s all or nothing.
* No additional samples (of data) will be provided.
Government fine for data breaches
The Digital Personal Data Protection (DPDP) Act recommends a penalty of up to Rs 250 crore on businesses (data fiduciaries) per instance of data breach and a maximum penalty of Rs 500 crore for all such breaches.
What IHCL said
“We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature,” Indian Hotels Company Ltd (IHCL) spokesperson said in a statement. Asserting that safety and security of customers’ data is of paramount importance to the company, the spokesperson said, “We are investigating this claim and have notified the relevant authorities.”
The spokesperson further said, “We continue to monitor our systems and there is no suggestion of any current or ongoing security issue or impact on business operations.”
What is the ransom sought
A threat actor going by the name ‘Dnacookies’ has demanded $5,000 for the full dataset, which includes addresses, membership IDs, mobile numbers and other personally identifiable information (PII), according to people aware of the matter. The customer data is from 2014 to 2020.
We reviewed the breach post published on November 5 on the black hat hacking cybercrime marketplace BreachForums, where the threat actor provided a sample containing 1,000 rows of unique entries.
Conditions laid down by the hackers
According to the report, the hackers have set three conditions for any deal:
* A negotiator is required to reach a consensus and the person should be an administrator on the forum.
* No splitting of data will be allowed; it’s all or nothing.
* No additional samples (of data) will be provided.
Government fine for data breaches
The Digital Personal Data Protection (DPDP) Act recommends a penalty of up to Rs 250 crore on businesses (data fiduciaries) per instance of data breach and a maximum penalty of Rs 500 crore for all such breaches.
Denial of responsibility! Swift Telecast is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – swifttelecast.com. The content will be deleted within 24 hours.