“Unfortunately, we would like to inform you that the
categories of personal data disclosed for TAP customers consist of the
following: name, nationality, gender, date of birth, address, e-mail, telephone
contact, customer registration date and frequent flyer number”, TAP said in a
The airline indicated that the information disclosed
regarding each customer may vary, reiterating that “there is no evidence that
payment data has been taken from the systems”.
“Although cyberattacks constitute a constant threat to many
companies, TAP immediately took measures to contain and resolve the incident,
in order to protect all data held or managed”, they stressed.
In the document entitled “Important Notice to Customers”,
TAP also recommended “checking the security conditions that (…) customers use
to access their reserved area, namely through the use of a strong password and
its frequent change”, although access to the Miles&Go service or the
customers' reserved area had not been compromised.
TAP also asked customers to “remain cautious” in the face of
“unsolicited communications that require personal information” and to “avoid
clicking on links or downloading attachments sent from suspicious email
“(…) After this public communication, TAP will not send
messages directly to individual customers on this matter, by any means”, they
On Tuesday, the airline assured that it was able to contain
the computer attack it was targeted in August at an early stage and says it has
no indication that the pirates have accessed sensitive information, such as
Questioned by Lusa about the information released by
Expresso that the group that attacked the airline in August published data on
1.5 million customers and says it continues to have remote access to TAP
systems, the company underlines that it has been working with the National
Cybersecurity Center, the Judiciary Police and Microsoft.
"In August 2022, TAP Air Portugal's (TAP) internal
cybersecurity systems detected unauthorized access to some computer systems.
TAP is prepared for this scenario and immediately mobilized a team of internal
and external IT and forensic experts to investigate in detail what happened and
prevent further damage," the airline explained.
According to Expresso, the cybercriminal group Ragnar Locker
"has fulfilled the threat it has been making and this Monday published 581
gigabytes (GB) of data that it says relates to 1.5 million TAP customers".
In a message published on the Dark Web - the newspaper says
-, the Ragnar Lockers "also guarantee that they continue to have access to
TAP's computer systems".