Hackers stole published passengers personal data from TAP system

Reading Time: 2 minutes

Portugal’s flag carrier TAP told customers on Thursday that hackers had stolen some of their personal data and published it on the dark web, although the state-owned airline said all payment details appeared to be safe.

TAP said in a letter to customers the cyber-attack last month obtained from its servers people’s names, nationalities, email and home addresses, phone contacts and frequent flier numbers.

“The release of the personal data via open sources could increase the risk of their illegal use, namely aimed at obtaining other data that could compromise the digital systems in fraudulent attempts such as phishing. There are no signs that any payments data have been retrieved from TAP systems,” says TAP.

The airline also said it had taken immediate containment measures to keep its systems working and to protect other data. It urged customers to be wary of unsolicited contacts requesting personal information, and told them not to click on links and attachments in suspicious emails.

TAP also recommended changing passwords to stronger ones and said it would abstain from further contact with individual clients about the issue to avoid confusion.

Charl van der Walt on cybersecurity awareness for online shopping

TAP CEO Christine Ourmieres-Widener told reporters that the airline was very serious about client data and  the incident was upsetting. She would not disclose the number of affected clients which some local media have put at around 1.5 million, saying that such estimates did not necessarily correspond to facts.

She promised additional further investment in cybersecurity. Portugal’s military has recently been the target of cyber attack in which hundreds of classified NATO documents were allegedly stolen and put up for sale on the dark web, Diario de Noticias newspaper reported.

Portuguese authorities have not acknowledged the breach but said they were investigating whether there had been one.