TRENDING:

Online Travel Booking Website Probes 'Security Anomaly'

Walmart-Owned Cleartrip Suffered a Data Breach Mihir Bagwe (MihirBagwe) • July 19, 2022    
Online Travel Booking Website Probes 'Security Anomaly'
Source: Shutterstock

A popular Indian online travel website owned by Walmart is investigating a cybersecurity incident amid indicators it suffered a major data breach.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

A spokesperson for Cleartrip said the company is investigating a "security anomaly" alongside an external forensics firm and has notified authorities.

"The detailed evaluation is still under progress… the investigation so far has indicated that limited information like name, email ID and phone number(s) are suspected to have been impacted," the company told Information Security Media Group in the early hours of Wednesday.*

Security researcher Sunny Nehra tweeted a screenshot from an underground private forum showing spreadsheets apparently containing customer data and internal files.

ISMG could not verify Nehra's statements. He did not respond to ISMG's request for details on the source of the screenshot and the price sought for the data on the darknet forum. Nehra told TechCrunch the post was pulled down within hours of its initial publication.

Indian e-commerce company Flipkart acquired Cleartrip in 2021 in a deal The Economic Times estimated was based on a valuation of $40 million. Walmart paid $16 billion in 2018 to take a controlling stake in Flipkart.

"Appropriate legal action and recourse are being evaluated and steps are being taken as per the law," Cleartrip told Information Security Media Group. India recently changed its breach reporting guidelines to mandate a six-hour reporting rule for cyber incidents.

A Cleartrip customer tweeted that he had received a company breach notification assuring him that "no sensitive data pertaining to your Cleartrip account has been compromised" and that only "some details which are part of your profile" had been leaked.

The Cleartrip incident follows other cybersecurity attacks on India's travel and tourism industry. In May, ransomware attackers targeted passenger airline SpiceJet with a ransomware attack. The company said the attempted attack was "contained," but its impact on the IT infrastructure grounded several flights across India (see: Attempted Ransomware Attack Grounds SpiceJet Flights).

*July 20, 2022 11:57 UTC: This story was updated with a Cleartrip's statement on which customer data may have been effected by the incident.

Previous
Sophos X-Ops Debuts to Thwart Complex Cyberattacks
Next
Major Takeaways: Cyber Operations During Russia-Ukraine War

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



Around the Network

Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
Israel-Hamas War: 'We All Know Someone That Lost Someone'
Israel-Hamas War: 'We All Know Someone That Lost Someone'
AI's Impact on Insurance and Healthcare Transformation
AI's Impact on Insurance and Healthcare Transformation
How a CEO Runs a Company in Wartime
How a CEO Runs a Company in Wartime
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.