The internal systems of a renowned flight booking site in India, Cleartrip, disclosed a data breach attack that might have compromised the personal information of the yet unidentified impacted individuals. The management of the booking site also shared that they are now investigating the incident along with third-party security experts.
A Cleartrip representative stated that the breach affected only limited sensitive information, including people’s full names, email addresses, and contact details. Moreover, the flight booking firm would apply legal measures if necessary upon learning more about the cyberattack.
Last July 18, Cleartrip sent their customers an email to notify them about a data breach and warned them about potential attacks.
The Indian flight booking site explained that a suspected security anomaly had given the threat actors unauthorised access to a part of their internal systems. However, when asked when the data breach incident occurred and what is the scope of the affected individuals, Cleartrip refused to answer.
Cleartrip had also failed to respond when asked about any existing vulnerabilities in their platform and if they were resolved.
Furthermore, a security researcher revealed a few screenshots on Twitter where a preview of stolen files from the Indian flight booking firm was posted on an underground forum by a hacker. The files from the screenshot showed massive data that might contain customers’ and vendors’ highly sensitive information.
Based also on the shared screenshot, it shows that the data breach incident could have transpired very recently, with some file names referenced last May.
In related news, it seemed India’s airline sector had been a frequent target for threat actors. Just last month, SpiceJet airline’s operation was disrupted after being hit with a ransomware attack from an unknown malicious group. The same airline firm was also targeted by hackers a couple of years back, to which they lost over a million of their passengers’ and personnel’s databases, including the data of government officials.
Air India, another Indian-based airline company, was also hit by hackers last May, wherein hackers managed to steal about 4.5 million worth of passengers’ personal information.
