An Indian flight booking website majority-owned by US retail giant Walmart suffered a data breach, but says little about what happened or the risks to customers.
News of the breach emerged on Monday, when customers received a message described in the tweet below.
@Cleartrip Could you tell us when the breach happened? pic.twitter.com/JvMLT1pAp9
— Jayesh Kumar (@Jayesh_Kumar) July 18, 2022
Although the message to customers assures them that “no sensitive information regarding your Cleartrip account” has been exposed, it leaves open the possibility that information relevant to other matters has been accessed. The register therefore asked Cleartrip how attackers could access its systems, what data was exposed, if this data was encrypted, if information was exfiltrated, when the breach was detected, when the company notified users and how the Company plans to change its Infosec practices in response to the breach.
A spokesperson responded with the following:
We are sure this is a comfort to Cleartrip customers, especially as the Indian media reports that Cleartrip’s data has been put up for sale on the dark web.
The CLEARTRIP seems to have suffered a massive data breach!!
The screenshot as it was posted by the threat actor (on a private forum) to sell the data. As we can see: the breach is new, the customer input information and the company’s internal files are there.#cyber security #Cyber-attack pic.twitter.com/ldAM2JtsCb
— Sunny Nehra (@sunnynehrabro) July 18, 2022
Air India admits data breach affecting 4.5 million customers and stayed on the news for five weeks
READ MORE
One more thing to worry about: Although Cleartrip is based in Mumbai and targets the Indian market, it happily serves customers everywhere. Maybe it’s worth checking who you bought that cheap ticket from back then?
We also asked Cleartrip whether it had complied with India’s recently introduced requirements to report the incident within six hours of detection. At the time of this writing, we have not had a response to this request.
Cleartrip was acquired by Indian e-commerce player Flipkart in 2021. Flipkart itself is 70% owned by Walmart. Chinese Tencent also owns part of Flipkart. All parties now have a mess to consider. ®
