TAP Air Portugal – which serves more than 80 destinations in 30 countries – announced on September 21 that it had been the victim of a cyber attack. No flight disruptions have been reported. She says that last August, she discovered unauthorized access to some of her computer systems. Immediate action was taken to contain the attack and notify the relevant authorities as required by the regulations. Investigations are underway.
Sensitive data theft
However, these various measures were not sufficient to protect the personal data of customers. In fact, the hackers stole the name, nationality, gender, date of birth, address, email, phone number, customer registration date and traveler number. Nice swag to carry out phishing attacks. On the other hand, the Portuguese national company asserts that at this point, nothing indicates that the payment data is concerned with this theft.
The incident does not end there, as in addition to being stolen, this data was spread on the dark web by hackers, the company specifies. It does not specify whether relevant customers have been notified. As a reminder, the General Data Protection Regulation (GDPR) requires this due to the sensitivity of the personal data involved.
The number of customers affected was also not disclosed. some media Subtract the figure of 1.5 million people. Information not confirmed by the Portuguese company.
Poorly insured companies
This incident adds to the long list of data breaches involving airlines. British Airways, Cathay Pacific and Air India have faced cyber attacks in which sensitive information was stolen. Proof that cybersecurity is not assured even for large companies.
It remains to be seen if TAP Air Portugal has adequately secured its information system. Otherwise, it can be tried. Such was the case with Cathay Pacific, who was judged £500,000 fine by the Information Commissioner’s Office (ICO), the British equivalent of the National Computing and Liberties Commission (CNIL), for failing to meet its security obligations.
determinant for you
