Excerpt from MINT Article, Published on Nov 23, 2023 

Reports have surfaced indicating a potential data breach within the Tata-owned hotel group, raising concerns for the security of approximately 1.5 million customers. The Economic Times reported the alleged breach, which suggests a compromise of personal information and prompts Taj Hotels Group to launch an urgent investigation.

While Taj Hotels confirmed the investigation, they vehemently denied any existing security vulnerabilities. The incident, reportedly occurring earlier in November, has prompted a swift response from the conglomerate, assuring customers of their commitment to addressing the matter.

As per the Economic Times’ findings, the breach involved a threat actor known as “Dnacookies,” who purportedly holds a substantial dataset containing sensitive customer information. This data, spanning from 2014 to 2020, encompasses details such as addresses, membership IDs, and mobile numbers, among others. The threat actor has demanded a ransom of $5,000 (equivalent to ₹4,16,549) for the entire dataset.

Expressing intentions to safeguard the data’s confidentiality, “Dnacookies” set forth conditions requiring an intermediary, specifically an admin-designated individual, for negotiation purposes. They explicitly stated their refusal to distribute or provide additional data samples.

In response to these claims, the Indian Hotels Company Ltd. (IHCL) spokesperson addressed the situation, stating, “We have been made aware of someone claiming possession of a limited customer data set that is of a non-sensitive nature.”

The ongoing investigation underscores the hotel group’s commitment to protecting customer privacy and signifies the increasing urgency for robust cybersecurity measures to safeguard positive information within the hospitality sector.

To delve deeper into this topic, please read the full article on MINT