TAP says there’s no indication hackers have access to clients’ payment data

TAP Air Portugal on Tuesday said it had managed to contain the cyber-attack it suffered in August at an early stage and said it had no indication that the hackers had accessed sensitive information, such as payment data.

Questioned by Lusa about the information published by weekly Expresso newspaper that the group that attacked the airline in August published data on 1.5 million customers and said to still have remote access to TAP systems, the company stressed that it has been working with the National Cyber Security Centre, the Judicial Police and Microsoft throughout the process.

“In August 2022, TAP Air Portugal’s (TAP) internal cybersecurity systems detected unauthorised access to some computer systems. TAP is prepared for this scenario and immediately mobilised a team of internal and external IT specialists and forensic experts to investigate in detail what happened and prevent further damage,” the airline explains.

The carrier also says that “thanks to the cybersecurity systems and the quick action of the internal IT [information technology] team, the intrusion was contained at an early stage, before causing damage to operational processes”.

“TAP’s operations are running smoothly,” the company assures, acknowledging that, “unfortunately, some data was stolen by the hackers and is being made public” and that the affected data may include names, contact information, demographic information and frequent flyer number.

TAP also says that the information affected regarding each customer “may vary”, but stresses that, “to date, there is no indication that sensitive information, in particular payment data, has been exfiltrated”.

“This intrusion was aimed at causing harm to TAP and its customers. The security of our customers and business partners and their data is our highest priority. We will therefore continue to take all necessary measures to look after their data”.

According to Expresso, cybercriminal group Ragnar Locker “has made good on its threat and this Monday published 581 gigabytes (GB) of data it claims pertains to 1.5 million TAP customers”.

In a message published on the Dark Web, the newspaper reports, the Ragnar Lockers “guarantee that they still have access to TAP’s computer systems”.

In addition to charts showing addresses, telephone numbers and customer names, Expresso, which had access to the files, writes that the data leak “shows identification documents of people who appear to be TAP professionals or partners, as well as confidential agreements with various companies and relationships with other airlines”.

In an email sent to customers last week, TAP warned customers affected by the cyber-attack, whose data was published, that this disclosure “may increase the risk of its illegitimate use”, asking for attention to suspicious communications.

In the email, the carrier recalled that the cyber-attack was “promptly reported to the various relevant authorities”, reiterating that “the appropriate cybersecurity measures and procedures were triggered for this type of event with the support of a specialised and industry-leading international company” and that “the measures adopted made it possible to ensure the integrity of the data and the operation, in safety, of all the systems” of the company.

“We are very sorry that your personal data has been included in this disclosure and for any inconvenience that this may cause you,” TAP said, also reaffirming its “commitment” to the protection of personal data and stating that measures are “being developed to strengthen the security” of the data.