Explained: Inside Taj Hotel data breach; A look at ransom demands and hacker conditions

Tata group's hospitality arm, Indian Hotels Company Ltd (IHCL), is investigating claims of a data breach within its Taj Hotels group. Despite the reported breach, IHCL emphasizes that there's no current security threat. An estimated 1.5 million individuals' personal information might have been compromised in the breach, as per reports from Economic Times.

According to an IHCL spokesperson, the data accessed appears to be non-sensitive. The company reiterates its commitment to safeguarding customer data and has promptly notified the relevant authorities. Despite the ongoing investigation, IHCL asserts that there's no ongoing security threat impacting its operational functions.

Silkyara tunnel rescue operation: Trapped workers to receive board games for stress relief amid delays

Ransom and Hacker Conditions

The threat actor, identified as 'Dnacookies', has demanded a $5,000 ransom for the complete dataset, containing details ranging from addresses to membership IDs and mobile numbers. The compromised customer data spans from 2014 to 2020. Reports indicate that 'Dnacookies' released a sample of 1,000 unique entries on the BreachForums, a black hat hacking cybercrime marketplace.

Hacker Demands and Stipulations

The hackers have stipulated specific conditions for any potential deal: negotiations must occur through an administrator, the entire dataset must be purchased without division, and no additional data samples will be provided. These demands pose challenges for any potential resolution.

'Panauti-E-Azam...' Congress repeats jibe against PM Modi despite EC rap

Regulatory Implications and Fines

The breach raises significant concerns amid India's Digital Personal Data Protection (DPDP) Act. The act includes provisions for substantial penalties of up to Rs 250 crore per instance of a data breach and a maximum cumulative penalty of Rs 500 crore for multiple breaches by data fiduciaries like IHCL.