Taj Hotels group faces potential data breach

Taj Hotels Group, a Tata-owned hotel chain, is under scrutiny for a potential data breach that could have exposed the personal information of approximately 1.5 million people. The incident reportedly occurred earlier in November, according to media reports.

Responding to the news, the hotel group acknowledged the investigation into the matter. However, it underlined that there is no indication of any existing or ongoing security threats.

The data breach came to light when a threat actor identified as "Dnacookies" allegedly demanded $5,000 for the complete dataset. This dataset reportedly contains sensitive customer information such as addresses, membership IDs, and mobile numbers, spanning the years 2014 to 2020.

According to the reports, Dnacookies asserted that the compromised consumer data has not been shared with anyone thus far. The threat actor outlined three conditions for ransom negotiations, including the presence of a designated forum admin as a mediator, a commitment not to distribute the data, and a refusal to provide additional data samples.

In response to these claims, Indian Hotels Company Ltd (IHCL), the parent company of Taj Hotels Group, released a statement acknowledging the situation. An IHCL spokesperson mentioned that the exposed customer dataset is of a non-sensitive nature. They confirmed that both the cybersecurity watchdog and the Indian Computer Emergency Response Team (CERT-In) have been notified of the breach.

"We are investigating this claim and have notified the relevant authorities," the spokesperson stated, underscoring the company's commitment to prioritising the safety and security of customer data.”

The hotel group asserted that it is actively monitoring its systems, reiterating that there is no current indication of security issues affecting ongoing business operations.

IHCL, responsible for managing various hospitality properties under brands like SeleQtions, Vivanta, and Ginger, among others, faces a critical situation as it navigates the aftermath of this potential data breach. The company's efforts to address the issue and collaborate with authorities are essential in safeguarding customer trust and maintaining the integrity of its operations.