Portugal’s flag carrier TAP told customers on Thursday that hackers had stolen some of their personal data and published it on the dark web, although the state-owned airline said all payment details appeared to be safe.
TAP said in a letter to customers the cyber-attack last month obtained from its servers people’s names, nationalities, email and home addresses, phone contacts and frequent flier numbers.
TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability. Thank you for your understanding. pic.twitter.com/zQASbpNtXx
— TAP Air Portugal (@tapairportugal) August 26, 2022
“The release of the personal data via open sources could increase the risk of their illegal use, namely aimed at obtaining other data that could compromise the digital systems in fraudulent attempts such as phishing. There are no signs that any payments data have been retrieved from TAP systems,” says TAP.
The airline also said it had taken immediate containment measures to keep its systems working and to protect other data. It urged customers to be wary of unsolicited contacts requesting personal information, and told them not to click on links and attachments in suspicious emails.
TAP also recommended changing passwords to stronger ones and said it would abstain from further contact with individual clients about the issue to avoid confusion.
Charl van der Walt on cybersecurity awareness for online shopping
TAP CEO Christine Ourmieres-Widener told reporters that the airline was very serious about client data and the incident was upsetting. She would not disclose the number of affected clients which some local media have put at around 1.5 million, saying that such estimates did not necessarily correspond to facts.
She promised additional further investment in cybersecurity. Portugal’s military has recently been the target of cyber attack in which hundreds of classified NATO documents were allegedly stolen and put up for sale on the dark web, Diario de Noticias newspaper reported.
Portuguese authorities have not acknowledged the breach but said they were investigating whether there had been one.
