TechCrunch reports that major travel technology firm Mondee has leaked sensitive customer data through an exposed Oracle cloud-based database, which it has since secured.
Over 1.7 TB of data has been exposed in the breach, including customers' names, birthdates, gender, home addresses, passport numbers, and flight information, most of which were from Mondee's travel agent platform subsidiary TripPro, according to cybersecurity researcher Anurag Sen, who discovered the insecure database to be accessible to anyone using Mondee's IP address.
Further analysis by TechCrunch noted the inclusion of complete customer passenger name records, credit card numbers, and expiry dates, none of which have been encrypted.
Mondee has neither confirmed the incident nor responded to any queries surrounding the exposure of the database, which was initially identified as insecure late last month.
No details regarding the company's plans to notify clients whose data may have been compromised by the incident have been provided.
