The Portuguese flag carrier TAP Air Portugal admitted on Thursday that personal customer data was stolen by hackers in a cyber attack that took place nearly a month ago. The Lisbon-based airline had previously reassured customers that its IT experts were confident no personal data had been accessed.
A treasure trove of personal data has been stolen and openly released by the criminals including the names, nationality, gender, date of birth, postal address, email address, and telephone numbers of passengers.
The hackers also stole associated frequent flyer numbers, but a spokesperson for the beleaguered airline said there was so far “no indication” that payment data such as credit card numbers had been stolen.
In a statement, the airline said it “promptly” notified the authorities including the Portuguese Criminal Police and the Cybersecurity National Centre. TAP has also employed Microsoft as an “industry-leading international IT and forensic expert” to get to the bottom of what happened.
“Although cyber-attacks are a regular threat to many businesses, TAP immediately took containment and remediation measures to protect all owned or managed data,” the airline said in a statement.
According to Eurocontrol, in 2020 airlines were targeted in 61 per cent of all cyber attacks worldwide. All but 5 per cent of those attacks were financially motivated – either by stealing valuable customer data like credit card information or as part of an elaborate ransomware attack.
“We sincerely apologize to our affected customers that their personal data has been released and for any inconvenience it may cause,” the statement continued. “We would like to reinstate our commitment towards the protection of our customers’ personal data for which we are developing additional measures to continue reinforcing its security.”
In the immediate aftermath of the cyber attack during the evening of August 25, it appeared that TAP had escaped unscathed after it announced that “security mechanisms were promptly activated” and IT experts had worked through the night to contain the threat.
TAP Air Portugal is now advising customers to be extra vigilant of phishing scams in which fraudsters send an email that is made to look like it has come from a legitimate source to coerce victims to hand over sensitive personal data.
The airline is also calling on members of its Miles&Go frequent flyer programme to change their passwords.
