Taj Hotel Group reports data breach, exposing data of 1.5 million guests

The Taj Group of hotels, under the umbrella of Tata, is a target of a significant data breach exposing personal details of approximately 1.5 million guests and currently listed for sale on the dark net forum BreachForums. The seller, identified as 'Dnacookies', is offering the data set for $5,000. The incident was initially noticed on November 5 when a breach post accompanied by a sample of one thousand unique entries was made public on hacker forums.

This data encompasses information gathered between 2014 and 2020, including sensitive personal identifiers such as

• names,
• residential addresses,
• membership IDs,
• mobile numbers,
• dates of birth,
• other key details that could potentially be exploited for identity theft.

No details are available about the nature of the attack.

The Indian Hotels Company Limited (IHCL), the entity managing the Taj Group, has publicly recognized the issue. They describe the leak as a non-sensitive subset of customer data. IHCL has initiated a thorough investigation and has informed the necessary regulatory bodies. They have also reassured stakeholders of their commitment to the stringent safeguarding of customer data and the active monitoring of their cybersecurity infrastructure.

IHCL's statements have downplayed the sensitivity of the breached data, yet the incident has triggered an investigation by the Indian Computer Emergency Response Team (CERT-In), indicating the severity of the cyberattack.