“Unfortunately, we would like to inform you that the categories of personal data disclosed for TAP customers consist of the following: name, nationality, gender, date of birth, address, e-mail, telephone contact, customer registration date and frequent flyer number”, TAP said in a statement.
The airline indicated that the information disclosed regarding each customer may vary, reiterating that “there is no evidence that payment data has been taken from the systems”.
“Although cyberattacks constitute a constant threat to many companies, TAP immediately took measures to contain and resolve the incident, in order to protect all data held or managed”, they stressed.
In the document entitled “Important Notice to Customers”, TAP also recommended “checking the security conditions that (…) customers use to access their reserved area, namely through the use of a strong password and its frequent change”, although access to the Miles&Go service or the customers' reserved area had not been compromised.
TAP also asked customers to “remain cautious” in the face of “unsolicited communications that require personal information” and to “avoid clicking on links or downloading attachments sent from suspicious email addresses”.
“(…) After this public communication, TAP will not send messages directly to individual customers on this matter, by any means”, they warned.
On Tuesday, the airline assured that it was able to contain the computer attack it was targeted in August at an early stage and says it has no indication that the pirates have accessed sensitive information, such as payment data.
Questioned by Lusa about the information released by Expresso that the group that attacked the airline in August published data on 1.5 million customers and says it continues to have remote access to TAP systems, the company underlines that it has been working with the National Cybersecurity Center, the Judiciary Police and Microsoft.
"In August 2022, TAP Air Portugal's (TAP) internal cybersecurity systems detected unauthorized access to some computer systems. TAP is prepared for this scenario and immediately mobilized a team of internal and external IT and forensic experts to investigate in detail what happened and prevent further damage," the airline explained.
According to Expresso, the cybercriminal group Ragnar Locker "has fulfilled the threat it has been making and this Monday published 581 gigabytes (GB) of data that it says relates to 1.5 million TAP customers".
In a message published on the Dark Web - the newspaper says -, the Ragnar Lockers "also guarantee that they continue to have access to TAP's computer systems".