Flipkart’s Cleartrip suffers “massive” data breach
The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022


The Indian online travel company Cleartrip revealed it has been affected by a data breach, which one security researcher described as “massive”.
The company said there had been a security anomaly that entailed illegal and unauthorised access to a part of its internal systems, it told customers in an email sent yesterday.
Cleartrip assured customers that aside from some details which are part of their profile, no sensitive information belonging to their account had been compromised as a result of the anomaly of its systems. The travel company said that customers could choose to reset their passwords as a precautionary measure.
“As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law,” the company stated in the email.
However, security researcher Sunny Nehra said that the company seems to have suffered a massive data breach. Nehra found that the threat actor posted a screenshot of the stolen data on a private forum to sell the data.
Nehra added that the breach is new and includes customer entries as well as internal company files. There are several files, including “B2C Customer Entries” and “09_India_hotel_sale”. The screenshot also appears to show that the hack may have taken place between April and May 2022.
“We have identified a security anomaly in a few of our internal systems,” a Cleartrip spokesperson told IT Pro. “Our information security team is currently investigating the matter along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law.”
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Cleartrip is a global online travel company headquartered in Mumbai which operates in India and the Middle East. It has offices in India, the UAE, Saudi Arabia, and Egypt. In April 2021, it was acquired by the Indian e-commerce giant Flipkart, which claims to have over 100 million registered users.
It’s not the only Indian company to be targeted by attackers recently, as a flood monitoring system in Goa was hit with ransomware last week. Cyber attackers demanded Bitcoin in return for decrypting the data after striking the Water Resource Department’s flood monitoring system with a ransomware attack on 21 June.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
CyberOne appoints Microsoft’s Tracey Pretorius to its advisory board
News The threat intelligence leader will provide strategic guidance to CyberOne’s executive team
By Daniel Todd
-
CISA issues warning in wake of Oracle cloud credentials leak
News The security agency has published guidance for enterprises at risk
By Ross Kelly
-
Latitude Financial's data policies questioned after more than 14 million records stolen
News Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
By Zach Marzouk
-
Latitude hack now under state investigation as customers struggle to protect their accounts
News The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
By Zach Marzouk
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach response
Case Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
By Zach Marzouk
-
Australia commits to establishing second national cyber security agency
News The country is still aiming to be the most cyber-secure country in the world by 2030
By Zach Marzouk
-
Medibank bleeds $26 million in cyber costs following hack
News The company believes this figure could rise to $45 million for the 2023 financial year
By Zach Marzouk
-
TikTok's two new European data centres to address data protection concerns
News The company is under pressure to prove its user data isn’t being accessed by the Chinese state
By Zach Marzouk
-
Cyber attack on Australia’s TPG Telecom affects 15,000 customers
News It is the third cyber attack on a major Australian telco since October
By Zach Marzouk
-
Telstra blames IT blunder for leak of 130,000 customer records
News Australia’s biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
By Zach Marzouk