IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Flipkart’s Cleartrip suffers “massive” data breach

The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022

The Indian online travel company Cleartrip revealed it has been affected by a data breach, which one security researcher described as “massive”.

The company said there had been a security anomaly that entailed illegal and unauthorised access to a part of its internal systems, it told customers in an email sent yesterday.

Cleartrip assured customers that aside from some details which are part of their profile, no sensitive information belonging to their account had been compromised as a result of the anomaly of its systems. The travel company said that customers could choose to reset their passwords as a precautionary measure.

“As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law,” the company stated in the email.

However, security researcher Sunny Nehra said that the company seems to have suffered a massive data breach. Nehra found that the threat actor posted a screenshot of the stolen data on a private forum to sell the data.

Nehra added that the breach is new and includes customer entries as well as internal company files. There are several files, including “B2C Customer Entries” and “09_India_hotel_sale”. The screenshot also appears to show that the hack may have taken place between April and May 2022.

“We have identified a security anomaly in a few of our internal systems,” a Cleartrip spokesperson told IT Pro. “Our information security team is currently investigating the matter along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law.”

Cleartrip is a global online travel company headquartered in Mumbai which operates in India and the Middle East. It has offices in India, the UAE, Saudi Arabia, and Egypt. In April 2021, it was acquired by the Indian e-commerce giant Flipkart, which claims to have over 100 million registered users.

It’s not the only Indian company to be targeted by attackers recently, as a flood monitoring system in Goa was hit with ransomware last week. Cyber attackers demanded Bitcoin in return for decrypting the data after striking the Water Resource Department’s flood monitoring system with a ransomware attack on 21 June.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Google announces new cloud regions in Asia Pacific
cloud computing

Google announces new cloud regions in Asia Pacific

10 Aug 2022
South Korean public sector organisations targeted by Gwisin ransomware
ransomware

South Korean public sector organisations targeted by Gwisin ransomware

8 Aug 2022
APAC region to lose 63 million jobs to automation by 2040
automation

APAC region to lose 63 million jobs to automation by 2040

8 Aug 2022
Cyber attacks rain on Taiwan during Pelosi visit
cyber warfare

Cyber attacks rain on Taiwan during Pelosi visit

5 Aug 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022
UK water supplier confirms hack by Cl0p ransomware gang
ransomware

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022