BackCleartrip confirms data breach, customer data being sold on dark web
The Flipkart-owned company further said that some details which are a part of the profile were leaked, however, the company also assured that no sensitive information was compromised.
PremiumOnline travel company Cleartrip on 18 July suffered a data breach in its internal systems, the company informed in an emailed communication to its customers.
"This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems, it wrote in an email to customers.
The Flipkart-owned company further said that some details which are a part of the profile were leaked, however, the company also assured that no sensitive information was compromised.
It asked its customers to reset their password as a precautionary measure.
“We are completely mindful that this would be of concern to you. We would like to assure you that aside from some details which are a part of your profile, no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems. You can choose to reset your password as a precautionary measure," it wrote.
It further said that has reached out to cyber authorities and taking appropriate legal action and recourse as per the law.
“As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law. We regret the inconvenience caused. Thank you for your patronage and your continued trust in our brand," the email said.
Security researcher Sunny Nehra shared screenshot on Twitter and called it a massive breach.
In a tweet he wrote, “The CLEARTRIP seems to have suffered a massive data breach !! The screenshot as was posted by the threat actor (on private forum) to sell the data. As can be seen : the breach is new, customer entries info as well as internal company files are there"
The information shared by Nehra showed screenshot which indicated that the hack took place in April-May 2022 as several files.
Cleartrip is into bookings of flights and hotels through its website and mobile aps.
Recently on 17 July, Securities and Exchange Board of India (Sebi) lodged a complaint against a cyber security incident as it noticed on its e-mail system. However, capital markets regulator added that no sensitive data was stolen.
Earlier on May 25, SpiceJet reported ransomware attack which disrupted operations, leaving passengers stranded at airports. The attack slowed down flight departures, the airline said in a statement
According to a Surfshark report, Indian government’s had latest set of cyber security rules, that were notified by the Ministry of Electronics and Information Technology (Meity) on April 28, can cause more loss of data of Indian citizens to cyber breaches.
The data said that over the past 18 years, over 250 million usernames and passwords belonging to Indian users have been breached online, making India the sixth most breached nation worldwide in terms of cyber incidents.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
