TAP airlines say hackers published customers’ personal data

Updated on: 23 September 2022

Vilius Petkauskas
Deputy Editor

TAP airlines say hackers published customers’ personal data — Image by Reuters.

Portugal’s TAP airlines said the leaked data included its customers’ personal identifiable information (PII).

Threat actors stole and published customer names, nationality, dates of birth, addresses, emails, and other PII, Portuguese state-owned flag carrier TAP Air Portugal claims. TAP is the largest airline in the country.

“Regretfully, we want to inform that the following categories of personal data from some customers of TAP have been disclosed: name, nationality, gender, date of birth, address, email, telephone contact, customer registration date, and frequent flyer number,” the company said in a statement.

TAP suffered a data breach on 25 August and initially said that threat actors hadn’t accessed customer personal data. According to Reuters, TAP CEO Christine Ourmieres-Widener told reporters the airline was ‘very serious about client data’ and said the incident was upsetting.

While the company didn’t specify the nature of the attack, deep web intelligence firm DarkFeed says TAP airlines is the latest victim of the Ragnar Locker ransomware group. DarkFeed indicates threat actors have stolen data from over 1.5 million TAP customers.

“Unfortunately, personal data from our customers has been illegitimately accessed. […] The information for each affected customer may vary. As for the moment, there is no indication that payment data was exfiltrated from TAP’s network,” the company said.

The TAP airline hack is the second major breach to shake Portugal. The country has recently been the target of a cyberattack in which hundreds of classified NATO documents were allegedly stolen and put up for sale on the dark web.

It is also not the first time Ragnar Locker has hit organizations in Portugal. Group’s hackers breached Portuguese multinational energy giant Energias de Portugal, demanding a $10 million ransom for releasing the data.

Ragnar Locker was first discovered in April 2020. Group’s affiliates rely on the double-extortion tactic. The group first exfiltrates the victim’s data and later encrypts it on the targeted system, threatening to leak the information if the ransom is not paid.

According to DarkFeed, Ragnar Locker has hit at least 58 organizations. Victims include computer chip maker ADATA, Japanese video game giant Capcom, Italian liquor company Campari Group and others.