Portuguese President Marcelo Rebelo de Sousa, along with MPs, members of the government and security forces, are among the customers of state-owned airline TAP whose data was stolen, as confirmed on Friday.
The flagship carrier had said the previous day that hackers had stolen some of their customers’ personal data and posted it on the dark web, although the state-owned airline said all payment details appeared to be safe.
In a letter to customers, TAP claimed that last month’s cyberattack obtained names, nationalities, email and home addresses, phone contacts and frequent flyer numbers from its servers.
“Disclosure of personal data through open sources could increase the risk of its unlawful use, including to obtain other data that could compromise digital systems in fraudulent attempts such as phishing,” TAP said.
“There is no evidence that any payment data has been retrieved from TAP systems,” he said.
TAP also said it took immediate containment measures to keep its systems running and protect other data.
The Portuguese airline did not disclose the number of customers affected, which local media estimate at around 1.5 million. The army was also targeted.
TAP urged customers to be careful of unsolicited contacts asking for personal information and told them not to click on links and attachments in suspicious emails. He also recommended changing passwords to stronger passwords and said he would refrain from further contact with individual customers about the issue to avoid confusion.
TAP CEO Christine Ourmieres-Widener told reporters the airline was “very serious about customer data” and said the incident was heartbreaking.