In a recent statement to the Parliament of India, on 19 June 2022, The Minister of State of Home Affairs, Shri Ajay Kumar Mishra, informed that a total of 6,74,021 cyber security incidents were reported from Jan 2022 to Jun 2022 in India. The Cyber Security posture of India is ever challenged on a daily basis with over 3000 recorded incidents a day. On 18 Jul 2022, the flight booking platform “Cleartrip” was also subjected to a cyber attack, in which the platform reported a ‘Customer Data Breach’.
The report did not provide the exact intensity of the attack or damage, but has sensitized it customers to take appropriate action, as its database has been breached by an unauthorised intruder. It was also informed that no major loss or setback has been noticed. However, the firm has taken appropriate action to protect the Customer Information. As the leak of hack has been to the companies database related to the customer profile, and that the loss is not vital in nature. However, they did not rule out the the leak of a few personal details.
The Start-up (Cleartrip-Flipkart) also informed that an FIR in this regard has been done, and also added that it is pursuing necessary legal action and recourse. The company has also roped in an external forensics team to help with the matter. Though the breach had been detected in the internal system, the services has been got up, and there is no drastic impact on the routine business.
The stolen data was later spotted on a private, invite-only forum on the dark web by security researcher Sunny Nehra (Name quoted, may be a psudo-name). Nehra, has also claimed that the data contains revenue information, files on ‘GST on advance working’, along with the customer details, and announced that all this and more is available on sale.
Cleartrip, the Flipkart-owned travel-booking platform, was founded in year 2006. The Start-up was later acquired by Walmart in April last year for $40 million in year 2021 for 100% stake. The platform has its core business in India, and also caters for the outside market as a travel-booking service with hotel booking facility.
Advise to Customers of Cleartrip
The customer of Cleartrip, is thus sensitized and advises to login to their account on the website “www.cleartrip.com” and change the password of their credentials. Consumer are also required to ensure that a strong password is provided on the portal. One may also review the linked Payment Credentials or Card Details, prior to checking-out from the process of reviewing of credentials.
Cleartrip has also announced that the team is also on the job to pull down all the data pertaining to its users and the portal from the Dark web.