Indian Hotels Company Limited (IHCL) is investigating a data breach incident which resulted in loss of data pertaining to 1.5 million customers. “We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature. Safety and security of our customers’ data is of paramount importance to us. We are investigating this claim and have notified the relevant authorities,” IHCL said.
The group owns luxury, leisure, midscale hotel brands and runs 193 properties in eleven countries. Over forty per cent of properties are under the iconic Taj brand.
“We continue to monitor our systems and there is no suggestion of any current or ongoing security issue or impact on business operations,” IHCL added.
The group issued a statement in response to a media report which said that a threat actor had demanded $5,000 for full data set which included addresses, membership IDs, mobile numbers and other personal identifiable information. The data in question is of 2014-20 period.
“Digital Personal Data Protection Act has been notified but rules under it have not been framed and thus law is not yet implementable. However since IHCL operates in various foreign jurisdictions it will also be bound by local data protection laws and will have to adhere to them,” said Suhas Chakma, Director, Rights and Risks Analysis Group.