Flipkart-owned Cleartrip suffers cyber attack; customer data put on sale
Cleartrip, the Flipkart-owned travel-booking platform, has been at the receiving end of an attack from hackers. The stolen data was later spotted on a private, invite-only forum on the dark web by security researcher Sunny Nehra. The company confirmed the attack through an email to its customer. Found in 2006, Cleartrip was acquired by Walmart in April last year for $40 million.
Why does this story matter?
Incidences of cyber attacks and data breaches have been increasing in India. The country is now ranked sixth in the number of data breaches, according to Surfshark, a cybersecurity company. This year has seen an increase in attacks on high-profile organizations, including SEBI and SpiceJet. Cleartrip is the new entrant to this list. It is unclear who was behind the attack.
No sensitive information has been compromised: Cleartrip
Cleartrip said that only some details of the customer's profile have been compromised in the data breach. The company made it clear that no sensitive details about the customer's Cleartrip account have been stolen. However, the exact nature of the breach is yet to be known. According to Nehra, along with customer and revenue information, files on 'GST on advance working' were on sale.
It could be an insider job
The kind of files stolen in the data breach points to an insider being involved. However, we will have concrete information only after a probe is conducted. The files posted in the dark web forum were later pulled.
The company called it "a security anomaly"
In the email to customers, Cleartrip said, "This is to inform you that there has been a security anomaly that entailed illegal and unauthorized access to a part of Cleartrip's internal system." "We would like to assure you that aside from some details which are a part of your profile, no sensitive information pertaining to your Cleartrip account" has been compromised.
Cleartrip has availed the services of an external forensics team
After informing customers about the data breach, the company added that it is pursuing necessary legal action and recourse. It has also roped in an external forensics team to help with the matter.
