Taj, an upscale hotel chain and a subsidiary of the Indian Hotels Company Limited (IHCL), with its headquarters in Mumbai, has succumbed to a data breach, jeopardizing the personal information of over 1.5 million customers.
An individual using the online moniker “Dnacookies” has claimed responsibility for the Taj Hotel data breach and is now demanding a ransom of US$5,000 (approximately Rs 4.16 lakh) for the complete dataset.
The exposed information in the Taj Hotel data breach reportedly includes customer addresses, membership IDs, mobile numbers, and other personally identifiable details.
In an exclusive response to The Cyber Express team, IHCL acknowledged the situation, stating, “We have been made aware of someone claiming possession of a limited customer data set, which is of non-sensitive nature. Safety and security of our customers’ data is of paramount importance to us.”
Reassurance Amidst Taj Hotel Data Breach Claim
Despite the severity of the breach, Taj Hotel emphasized that there is no indication of any existing security issues or ongoing impact on business operations. The hotel group assured its customers that it is actively monitoring its systems to ensure the continued security of sensitive information.
The hacker, “Dnacookies,” asserted that the compromised dataset spans the years 2014 to 2020 and has not been disclosed anywhere prior to this incident. The threat actor outlined three conditions for the ransom negotiation.
Firstly, they demanded the presence of a middle person with administrative privileges in the negotiation forum. Secondly, it was explicitly stated that there would be no splitting of data, and finally, no additional samples of the dataset would be provided.
Taj Hotel Data Breach: Investigation Going on
Taj Hotel confirmed that both the cybersecurity watchdog and the Indian Computer Emergency Response Team (CERT-In) are aware of the breach. The hotel group is collaborating with relevant authorities to address the situation promptly and thoroughly.
 “We are investigating this claim and have notified the relevant authorities. We continue to monitor our systems, and there is no suggestion of any current or ongoing security issue or impact on business operations,” said IHCL spokesperson.
It is noteworthy that in addition to Taj, IHCL operates various hospitality properties under different brands, including SeleQtions, Vivanta, Ginger, and others.
The Taj Hotel data breach raises concerns about the vulnerability of customer data in the hospitality industry and highlights the need for robust cybersecurity measures to safeguard sensitive information.
Authorities are expected to closely investigate the matter, and the wider implications of the Taj Hotel data breach remain to be seen.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.