TRENDING:

Online Travel Booking Website Probes 'Security Anomaly'

Walmart-Owned Cleartrip Suffered a Data Breach Mihir Bagwe (MihirBagwe) • July 19, 2022    
Online Travel Booking Website Probes 'Security Anomaly'
Source: Shutterstock

A popular Indian online travel website owned by Walmart is investigating a cybersecurity incident amid indicators it suffered a major data breach.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

A spokesperson for Cleartrip said the company is investigating a "security anomaly" alongside an external forensics firm and has notified authorities.

"The detailed evaluation is still under progress… the investigation so far has indicated that limited information like name, email ID and phone number(s) are suspected to have been impacted," the company told Information Security Media Group in the early hours of Wednesday.*

Security researcher Sunny Nehra tweeted a screenshot from an underground private forum showing spreadsheets apparently containing customer data and internal files.

ISMG could not verify Nehra's statements. He did not respond to ISMG's request for details on the source of the screenshot and the price sought for the data on the darknet forum. Nehra told TechCrunch the post was pulled down within hours of its initial publication.

Indian e-commerce company Flipkart acquired Cleartrip in 2021 in a deal The Economic Times estimated was based on a valuation of $40 million. Walmart paid $16 billion in 2018 to take a controlling stake in Flipkart.

"Appropriate legal action and recourse are being evaluated and steps are being taken as per the law," Cleartrip told Information Security Media Group. India recently changed its breach reporting guidelines to mandate a six-hour reporting rule for cyber incidents.

A Cleartrip customer tweeted that he had received a company breach notification assuring him that "no sensitive data pertaining to your Cleartrip account has been compromised" and that only "some details which are part of your profile" had been leaked.

The Cleartrip incident follows other cybersecurity attacks on India's travel and tourism industry. In May, ransomware attackers targeted passenger airline SpiceJet with a ransomware attack. The company said the attempted attack was "contained," but its impact on the IT infrastructure grounded several flights across India (see: Attempted Ransomware Attack Grounds SpiceJet Flights).

*July 20, 2022 11:57 UTC: This story was updated with a Cleartrip's statement on which customer data may have been effected by the incident.

Previous
Sophos X-Ops Debuts to Thwart Complex Cyberattacks
Next
Major Takeaways: Cyber Operations During Russia-Ukraine War

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



Around the Network

Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Securing the SaaS Layer
Securing the SaaS Layer
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.