INSUBCONTINENT EXCLUSIVE:
Tata group hospitality company Indian Hotels Company Ltd has said that it is investigating claims of a data breach, but asserted there is no
suggestion of any current or ongoing security issue
According to a report in TheIndianSubcontinent, personal details of about 1.5 million people may have been compromised in a data breach at
the Tata-owned TajHotels group earlier this month.Indian Hotels Company Ltd (IHCL) runs a number of hospitality properties under the Taj,
SeleQtions, Vivanta, and Ginger, among others
Indian Computer Emergency Response Team (CERT-In), the official cybersecurity agency, too is said to be aware of the breach.What IHCL
said"We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature," Indian Hotels
Company Ltd (IHCL) spokesperson said in a statement
Asserting that safety and security of customers' data is of paramount importance to the company, the spokesperson said, "We are
investigating this claim and have notified the relevant authorities."The spokesperson further said, "We continue to monitor our systems and
there is no suggestion of any current or ongoing security issue or impact on business operations."What is the ransom soughtA threat actor
personally identifiable information (PII), according to people aware of the matter
The customer data is from 2014 to 2020.We reviewed the breach post published on November 5 on the black hat hacking cybercrime marketplace
BreachForums, where the threat actor provided a sample containing 1,000 rows of unique entries.Conditions laid down by the hackersAccording
to the report, the hackers have set three conditions for any deal:* A negotiator is required to reach a consensus and the person should be
provided.Government fine for data breachesThe Digital Personal Data Protection (DPDP) Act recommends a penalty of up to Rs 250 crore on
businesses (data fiduciaries) per instance of data breach and a maximum penalty of Rs 500 crore for all such breaches.
