Portugal’s President Marcelo Rebelo de Sousa, alongside MPs, government staff and security forces, are among the clients of state-owned airline TAP whose data has been stolen, as was confirmed on Friday.
The flagship carrier had stated the day before that hackers had stolen some of their customers’ personal data and published it on the dark web, although the state-owed airline said all payment details seemed safe.
In a letter to customers, TAP claimed that the cyber attack last month obtained from its servers people’s names, nationalities, email and home addresses, phone contacts and frequent flier numbers.
“The release of the personal data via open sources could increase the risk of their illegal use, namely aimed at obtaining other data that could compromise the digital systems in fraudulent attempts such as phishing,” TAP stated.
“There are no signs that any payments data have been retrieved from TAP systems,” it said.
TAP also claimed it had taken immediate containment measures to keep its systems working and to protect other data.
The Portuguese airline has not disclosed the number of affected clients, which local media estimate as being around 1.5 million. The military has also been targeted.
TAP urged customers to be careful of unsolicited contacts requesting personal information, and told them not to click on links and attachments in suspicious emails. It also recommended changing passwords to stronger ones and said it would abstain from further contact with individual clients about the issue to avoid confusion.
TAP CEO Christine Ourmieres-Widener told reporters the airline was “very serious about client data” and said the incident was upsetting.