Cyber Incident Victim: Cleartrip
Date: May 2022
Location: India
Summary
Cleartrip, an Indian flight booking platform owned by Flipkart, experienced a data breach involving unauthorized access to its internal systems through a security anomaly, compromising limited customer information including names, email addresses, and phone numbers. The company engaged external forensic experts and notified Indian cyber authorities while preparing for potential legal action, though the scope of impacted individuals remained undetermined. Stolen data samples shared online indicated recent unauthorized access, with security researchers observing hacker-posted records containing customer and vendor details on private forums. The incident aligns with broader targeting of India's aviation sector, which has faced multiple cybersecurity compromises affecting passenger data and operational disruptions in recent years.
Description
Cleartrip, an Indian flight booking platform owned by Flipkart (a Walmart subsidiary), publicly disclosed a data breach on July 18, 2022, via customer notifications and statements to media outlets. The company attributed the incident to a "security anomaly" that enabled unauthorized access to portions of its internal systems. Cleartrip did not specify when the breach occurred, but security researcher Sunny Nehra shared forum screenshots showing hackers advertising stolen data with filenames referencing May 2022, which suggests the access dates to that month. According to the company’s preliminary investigation, the compromised information included customer and vendor details, specifically names, email addresses, and phone numbers. Cleartrip declined to confirm the total number of affected individuals or whether technical vulnerabilities had been remediated.

In response, Cleartrip engaged an external forensic firm to investigate the breach’s scope and origins while coordinating with Indian cybersecurity authorities. The company prepared potential legal actions but did not disclose specific measures taken to secure its systems beyond general assurances. This incident occurred amid heightened targeting of India’s aviation sector, exemplified by SpiceJet’s May 2022 ransomware attack that disrupted flights and Air India’s 2021 breach exposing 4.5 million passenger records through a third-party provider. Cleartrip’s breach notification email emphasized limited data exposure but provided no additional remediation guidance to customers beyond urging vigilance. The company maintained ongoing internal reviews without further public updates on forensic findings or regulatory outcomes at the time of reporting.
