SUMMARY
In an email to its customers, Cleartrip said that personal details of some customers were leaked, but no sensitive information was compromised
Appropriate legal action and recourse are being evaluated and steps are being taken as per the law: Cleartrip
Our information security team is currently investigating the matter, along with a leading external forensics partner, and is taking the necessary action: Cleartrip
Online travel aggregator (OTA) cleartrip
’s internal systems have been hit by a major data breach.
In an email sent to its customers on Monday (July 18), the company said that personal details of some customers were leaked, but no sensitive information was compromised.
“This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems,” the email read.
Elaborating on the data breach, the company said, “We are completely mindful that this would be of concern to you. We would like to assure you that aside from some details which are a part of your profile, no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems.”
The travel major has reached out to authorities and is taking appropriate legal action in response to the incident. It has also roped in an external forensics team to probe the matter.
“We have identified a security anomaly in a few of our internal systems. Our information security team is currently investigating the matter, along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law,” a Cleartrip spokesperson told Inc42.
In April last year, Cleartip was acquired by Walmart-owned Flipkart in a distress sale. Prior to that, the startup was pummeled by the global pandemic outbreak which led to a collapse in demand for travel.
Cleartrip, founded in 2006 by Hrush Bhatt, Matthew Spacie and Stuart Crighton, had raised $56 Mn from a hoist of investors before getting acquired by Walmart for $40 Mn.
Notably, the company had also suffered a data breach in 2017 when its website was defaced for a few minutes by a group called Turtle Squad.
Earlier last week, the Securities and Exchange Board of India (SEBI) also lodged an FIR in connection with a cyber security incident that involved its email system. Prior to that, Ahmedabad police officials claimed that hacker groups had targeted more than 2,000 websites and leaked databases as part of a purported ‘cyber war’ launched against India.
