Cleartrip confirms data breach of internal systems

Cleartrip confirms it experienced what it calls a “security anomaly” following reports of a data breach.

As reported by TechCrunch and security researcher Sunny Nehra , hackers were selling data from the Flipkart-owned Indian online travel agency on a “private, invite-only forum on the dark web.”

According to a tweet from Nehra on July 18, the breach appears “new”- with file names in a screen grab containing dates as recent as June 2022 - and includes “customer entries info as well as internal company files.”

When reached for comment, a Cleartrip spokesperson says: “We have identified a security anomaly in a few of our internal systems. Our information security team is currently investigating the matter along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law.”

Cleartrip also sent a message to customers informing them of the security breach, claiming that while some profile details were accessed, “no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems.”

Indian e-commerce brand Flipkart acquired Cleartrip for an undisclosed sum in April 2021. In February of this year, it was announced that Wego had purchased the Middle East business interests of Cleartrip. The agreement is expected to close in the second half of 2022.