Centaur Website Reveals Guests' Personal Info

Centaur Website Reveals Guests’ Personal Info is a report published in The Economic Times on 20 June 2011. The story highlights a significant lapse in data security on the Centaur Hotels website, which exposed sensitive personal information including passports, driving licences, PAN numbers and credit card details of guests. The article also includes expert comments from Sunil Abraham, who explains the privacy implications and liabilities under Section 43 of the IT Act. This Economic Times article story originally appeared in The Times of India on the same date.

Article Details
Full Text
Context and Background
External Link

Article Details

📰 Published in:: The Economic Times
✍️ Author:: Shilpa Phadnis
📅 Date:: 20 June 2011
📄 Type:: News Report
📰 Newspaper Link:: Read Online

Full Text

Synopsis
The Centaur Hotels' website, centaurhotels.com, appears to have compromised personal information of its hotel guests.

BANGALORE: The Centaur Hotels' website, centaurhotels.com, appears to have compromised personal information of its hotel guests, in what seems to be a case of poor internet security protocols implemented by the site. This allowed website visitors on Saturday to obtain and view details of passports, driving licences, pan numbers, credit cards, and other forms of personal identification provided by its guests.

Centaur Hotels, a unit of the Hotel Corporation of India (HCI), is a wholly-owned subsidiary of the National Aviation Company of India that runs national carrier Air India. It runs a hotel near the Delhi international airport and another in Srinagar.

Around 52 scanned copies of passports of people of different nationalities, pan card details of Indian guests and driving licences were visible on the site. The page was taken down when the issue was brought to their notice. Various online facilities such as reservation are not available now. But TOI has screen shots of some of the documents. When contacted, Centaur marketing head Pradeep Garg said, "We will look into the matter. Please lodge a formal complaint. We don't have an online payment system, hence we don't collect any identification proof."

Centaurhotels.com shows the site manager as Capt Samarth Singh, who is the chief executive of a consultancy firm called Hybrid Content. But Singh said that for the past one year, the site was under the jurisdiction of a website developer in Mumbai, S Naidu. "We will, however, clarify to both the parties - Naidu and Centaur Hotels," Singh said.

He said he had sent requests to Centaur Hotels to remove his name from the hotel portal as his contract had ended. Hybrid held the contract from December 2008-April 2010. It has won the mandate to manage the site from June 1. "But the domain is not within my reach. It is still with the old registrar," Singh said.

Sunil Abraham, executive director of Centre for Internet and Society, said personal information leaked online is a breach of privacy. "Anybody collecting passport and credit card details has to follow security policies. According to Sec 43 of the IT Act 2000, the hotel shall be liable to pay damages not exceeding Rs 1 crore to every individual so affected."

Context and Background

This article captures one of the early publicised cases of a major data breach in India’s hospitality sector. Long before data protection frameworks were widely discussed, the Centaur Hotels incident revealed how poorly implemented websites could expose highly sensitive identity documents of guests.

The episode illustrates the risks associated with inadequate security practices, weak vendor oversight and fragmented responsibility for digital infrastructure. Sunil Abraham’s remarks place the breach in the context of Section 43 of the IT Act, underscoring that entities handling personal data can face significant financial liability for negligence. The article also hints at deeper systemic issues: the absence of standardised security protocols, unclear accountability between contractors and owners, and the lack of regulatory enforcement mechanisms at the time.