In the wake of the hackers’ attack on TAP systems, which occurred on August 25, the airline reported this Wednesday, in a statement, that “hackers” were able to steal personal data from TAP customers, which is information such as name, address, e-mail or phone number, that is, Advertisement on the “Dark Web”, “Black Internet”.
“Unfortunately, we would like to inform you that the categories of personal data disclosed by TAP customers consist of the following: name, nationality, gender, date of birth, address, email, telephone contact, customer registration date and frequent flyer number,” the Portuguese airline offers, confirming that the personal information it discloses Hackers may differ from one client to another.
TAP warns that revealing stolen personal data can mean an increased risk of it being used illegally, for example, through digital fraud and “phishing” schemes – where hackers can trick users into providing other information, such as bank card details. “So far, there is no indication that payment data has been leaked from TAP systems,” the company asserts.
“We sincerely apologize to our customers who have been affected by the disclosure of their personal data and for any inconvenience this may cause,” concludes TAP, advising customers to check personal access and security conditions for areas reserved for TAP customers online, as well as for the Miles & Go system, also alerting you to exercise caution with Unsolicited communications requesting personal data. It is also recommended not to click on web links or download files from suspicious email addresses.
It is reported that, despite the computer attack, the rapid intervention allowed to avoid harm to the operational processes of the company.
TAP also leaves answers to some frequently asked questions from customers about it. Read the company’s responses to the questions below.
What happened in more detail?
In August 2022, TAP Portugal’s internal cybersecurity systems discovered unauthorized access to some computer systems. TAP was prepared for this scenario and immediately mobilized a team of internal and external IT professionals and forensic experts to investigate in detail what had happened and prevent further harm.
Thanks to the cyber security systems and the quick work of the in-house IT team, the intrusion was contained at an early stage, before causing harm to operational processes. TAP operations run normally across the board. Unfortunately, some data has been accessed illegally by hackers and is being published publicly. Affected data may include name, nationality, gender, date of birth, address, email, phone number, customer registration date and frequent flyer number. The affected information may vary for each customer. So far, there is no indication that payment data has been leaked from TAP systems.
This intrusion was intended to harm TAP and its customers. The security and data of our customers and business partners is our highest priority. TAP will continue to take all necessary measures to protect them.
What is the impact of this situation on TAP clients?
Thanks to the early detection of the intrusion, there was no disruption to TAP’s operations. Our customers can continue to travel safely with our company.
You are pirates Did they gain access to customer data?
Unfortunately, some data was illegally accessed by pirates It is publicly disclosed. Affected data may include name, nationality, gender, date of birth, address, email, phone number, customer registration date and frequent flyer number. The affected information may vary for each customer. So far, there is no indication that payment data has been leaked from TAP systems.
What actions did TAP take?
Cyber attacks are a constant threat to many businesses, and TAP has been prepared for the possibility. TAP immediately built a team of industry-leading in-house and external IT and forensic experts to thoroughly investigate and prevent further harm. All affected systems have been isolated and these systems have been cleaned. The good news is that TAPs are never affected – all TAPs are done securely.
Among the specific measures TAP took: Adopting response and containment measures with the support of internal and external teams. Deployment of industry-leading experts for criminal investigation and investigation; Deployment of an external team to support the recovery of compromised systems; And strengthening security measures in specific areas as a precautionary measure.
Was the customer’s personal data secure?
The accessed data is stored securely in TAP computer systems using appropriate organizational and technical measures based on the usual standards of compliance with applicable legal requirements.
What organizational and technical measures have been used to protect TAP from this type of intrusion?
Measures implemented in TAP include: Regular data backup. Use of antivirals firewalls with IDS / IPS; email protection tools; use of the second authentication factor; splatter Security vulnerability scan. Penetration tests cybersecurity training, among others.
What is the impact of the situation on operational processes?
Thanks to the cyber security systems and quick actions of the in-house IT team, the intrusion was contained at an early stage. Therefore, there was no prejudice to operational processes. Our customers can continue to travel safely with our company.
Was there any data leakage?
Unfortunately, some data was accessed illegally by pirates It is publicly disclosed. Affected data may include name, nationality, gender, date of birth, address, email, phone number, customer registration date and frequent flyer number. The affected information may vary for each customer. So far, there is no indication that payment data has been leaked from TAP systems.
Where was my data disclosed?
The data was published on the site to spread the data stolen from the attackers. You are pirates Running such websites dedicated to information leaks hidden indark web“. a dark web describes part of Internet It cannot be accessed through search engines such as Google or through commonly used web browsers. To access websites on dark web A private browser is required.
What happens with the stolen data?
Attackers disseminate illegally obtained data in dark web. Disclosure of personal data through open sources can increase the risk of its illegal use, i.e. with the aim of obtaining other data that could put digital systems at risk to commit fraud (phishing).
What should I do?
Although the Miles & Go or Customer Reserved Area access password is not among the affected data, we recommend that, as a precaution, you check the security conditions you use to access your Reserved Area, i.e. use a strong password and change it. Often. We also recommend that you beware of any unsolicited communications requesting personal information and avoid clicking on links or downloading attachments from suspicious email addresses.
How can I change my password?
The access password can be changed in www.flytap.pt, selecting the login option in the upper right corner of the page and clicking “I don’t remember/change my password”. You must then enter your email address in the “to recover/change my password” pop-up that appears. You will receive an email with a link to register a new password.
For further clarifications, you can get more information by calling 800204692 (domestic calls) or +442036953214 (international). You may also contact the TAP Data Protection Officer at [email protected]
“Wannabe internet buff. Future teen idol. Hardcore zombie guru. Gamer. Avid creator. Entrepreneur. Bacon ninja.”