The Portuguese flag carrier TAP Air Portugal admitted on Friday that it was subjected to an overnight cyber attack, but the airline said “security mechanisms were promptly activated”, and any unauthorized access to its myriad computer systems was successfully blocked.
“Throughout the night and early morning, TAP teams have been investigating this event,” a statement from the Lisbon-based airline continued. “Operational integrity is guaranteed, so there is no risk to flight safety.”
A spokesperson for the airline reassured customers that IT experts were confident that passenger data hadn’t been stolen, but TAP Air’s contingency plan remains active, and the cyber division of Portugal’s police service is investigating what happened on Thursday night.
TAP Air Portugal is the latest airline to be targeted by hackers in what is anything but an isolated incident.
According to Eurocontrol, 61 per cent of all cyber attacks worldwide in 2020 targeted just airlines. Perhaps unsurprisingly, all but 5 per cent of those attacks were financially motivated – either by stealing valuable customer data like credit card information or as part of an elaborate ransomware attack.
The Indian low-cost carrier Spicejet fell victim to a massive ransomware attack in May which left hundreds of passengers stranded in airports across the country. Spicejet never said what systems the criminals targeted, but the airline was praised for being able to outwit the hackers and restore access within hours of coming under attack.
The aviation industry is facing at least one sophisticated ransomware attack a week according to Stephenson Harwood, and companies could be forced to collectively spend €20 billion a year in mitigating ransomware attacks.
In January 2020, hackers successfully breached easyJet’s cyber defences and made off with the credit card details of more than 2,000 customers. Unlike TAP Air Portugal, the Luton-based budget airline kept the attack under wraps for four months.
EasyJet now faces a class action lawsuit worth billions of pounds and could also face a hefty fine from a data watchdog. In 2019, British Airways was slapped with a mammoth £180 million fine for losing the data of 400,000 customers and staff. The airline successfully negotiated the penalty down to £20 million.
