Site icon News Update

Cleartrip suffers customer data breach, asks to reset password

Cleartrip suffers customer data breach, asks to reset password

Online travel company Cleartrip on 18 July said that it has suffered a major data breach in its internal systems, in an emailed communication to customers on Monday.

“This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems, it wrote in an email to customers.

The Flipkart-owned company further said that some details which are a part of the profile were compromised, however, the company also assured that no sensitive information was compromised.

It asked its customers to reset their password as a precautionary measure.

“We are completely mindful that this would be of concern to you. We would like to assure you that aside from some details which are a part of your profile, no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems. You can choose to reset your password as a precautionary measure,” it wrote.

It further said that has reached out to cyber authorities and taking appropriate legal action and recourse as per the law. 

“As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law. We regret the inconvenience caused. Thank you for your patronage and your continued trust in our brand,” the email said.

Security researcher Sunny Nehra shared screenshot on Twitter and called it a massive breach. 

In a tweet he wrote, “The CLEARTRIP seems to have suffered a massive data breach !! The screenshot as was posted by the threat actor (on private forum) to sell the data. As can be seen : the breach is new, customer entries info as well as internal company files are there”

The information shown by in the screenshot indicates the hack took place recently, with several file names referencing May 2022

Cleartrip is into bookings of flights and hotels through its website and mobile aps. 

Earlier on May 25, SpiceJet reported ransomware attack which disrupted operations, leaving passengers stranded at airports. The attack slowed down flight departures, the airline said in a statement

In February 2021, Air India’s data processor faced data breach suffering 10 years’ worth of the national carrier’s customer data including credit cards, passports and phone numbers have been leaked Air India’s passenger service system provider, SITA, was hacked. This resulted in the theft of the personal data of 4.5 million passengers.

According to a report Surfshark, Indian government’s had latest set of cyber security rules, that were notified by the Ministry of Electronics and Information Technology (Meity) on April 28, can cause more loss of data of Indian citizens to cyber breaches. 

The data said that over the past 18 years, over 250 million usernames and passwords belonging to Indian users have been breached online, making India the sixth most breached nation worldwide in terms of cyber incidents.

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.

More
Less

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

First article

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@newsupdate.uk. The content will be deleted within 24 hours.
Exit mobile version