Important notice on customer information
TAP has recently been the victim of a cyber-attack, which was promptly reported to all the relevant authorities. TAP has been closely cooperating with authorities, in particular with the Portuguese Criminal Police and the Cybersecurity National Centre, on the investigation of these events since August 25. While TAP has immediately deployed the appropriate cyber security measures and procedures for this type of events with the support of an industry-leading international IT and forensic expert (Microsoft), the attackers had been able to illegitimately access personal data from some customers of TAP. The measures adopted made it possible to guarantee the availability and integrity of the data and the safe operation of all TAP systems.
Although cyber-attacks are a regular threat to many businesses, TAP immediately took containment and remediation measures to protect all owned or managed data. Regretfully, we want to inform that the following categories of personal data from some customers of TAP have been disclosed: name, nationality, gender, date of birth, address, email, telephone contact, customer registration date and frequent flyer number. The information for each affected customer may vary. We are releasing this notice to make customers aware of this matter. There is no indication that payment data was exfiltrated from TAP’s network.
Disclosure of personal data through open sources may increase the risk of its illegitimate use, namely with the purpose of obtaining other data that may compromise digital systems to perpetrate fraud (phishing).
Although the access password for Miles&Go or customers’ reserved area is not among the personal data that was compromised, as a matter of precaution, we recommend checking the security conditions our customers use to access their reserved area, namely by using a strong password and changing it frequently. We also recommend customers to stay cautious of any unsolicited communications that ask for personal information and to avoid clicking on links or downloading attachments from suspicious emails. Please note that following this public announcement, TAP will not send direct messages on this subject to individual customers by any means.
We sincerely apologize to our affected customers that their personal data has been released and for any inconvenience it may cause. We would like to reinstate our commitment towards the protection of our customers’ personal data for which we are developing additional measures to continue reinforcing its security.
Below are FAQs about the event and further information that may be useful.
We thank you for your understanding!