Lisbon-based TAP, after a month of denying itself the fact of the problem was forced to admit: the personal data of passengers were stolen from the database. Earlier, the carrier, referring to its IT specialists, assured customers that nothing threatens their personal data.
The criminals stole and posted on the Web the names, nationality, gender, dates of birth, postal addresses, email and phone numbers of passengers. In addition, the hackers got the cards of the Miles & Go frequent flyer program participants. whether customers' payment information, such as credit card numbers.
The airline said in a statement that it was “promptly” notified the authorities, including the Portuguese police and the National Cyber Security Centre. TAP also brought in Microsoft as “the world's leading information technology and forensics expert” to look into the issue.
According to Eurocontrol, in 2020, 61% of all cyber attacks on the planet were committed against airlines. All of these attacks, with the exception of 5%, were financially motivated. The criminals purposefully searched for credit card information or used ransomware.
“We sincerely apologize to our customers for the disclosure of their personal data and for any inconvenience that this may cause,” — says in the statement. “We would like to reiterate our commitment to protecting customer privacy by developing additional measures to further strengthen customer security.”
TAP Air Portugal advises customers to be particularly vigilant against phishing scams in which thieves send an email that looks like it came from a legitimate source to force victims to hand over sensitive personal data.
The airline is also encouraging members of its Miles&Go frequent flyer program to change their passwords.