Approximately 1.5 million individuals' personal information may have been compromised in a recent data breach at the Taj Hotels group, which is owned by Tata. This information comes from a report by the Economic Times.
Taj Hotels group faces a data breach impacting 1.5 million individuals, with a demand for $5,000 for a dataset containing sensitive personal information
Approximately 1.5 million individuals' personal information may have been compromised in a recent data breach at the Taj Hotels group, which is owned by Tata. This information comes from a report by the Economic Times.
People familiar with the situation report that an individual known by the name 'Dnacookies' is demanding $5,000 in exchange for the entire dataset. This dataset includes personal information like addresses, membership IDs, mobile numbers, and other personally identifiable information (PII).
This news arrives at a time when there has been a surge in incidents of data breaches and identity theft, such as the proliferation of deepfakes, within the online domain.
“We have been made aware of someone claiming possession of a limited customer data set which is of a non-sensitive nature, safety and security of our customers’ data is of paramount importance to us,” a representative from Indian Hotels Company Ltd (IHCL), the entity overseeing the Taj Group, stated.
The incident is said to have occurred earlier this month.
The individual behind the threat disclosed that the customer data pertains to the period from 2014 to 2020 and has not been shared with anyone thus far. The person-outlined three requirements for any potential agreement. The initial notification of this incident came from an anonymous security researcher.
The IHCL spokesperson mentioned that company officials are currently looking into the assertion and have informed the authorities. IHCL is actively overseeing its systems, and the spokesperson emphasized that there is no indication of any existing or ongoing security issues or disruptions to business operations.
Dnacookies explicitly stated that the data will not be divided and that it must be either acquired in its entirety or not at all.