Portugal’s President Marcelo Rebelo de Sousa is among the customers of state airline TAP whose data was stolen, along with MPs, government officials and security forces, it was confirmed on Friday.
The flagship airline had said the day before that hackers had stolen some of its customers’ personal details and published it on the dark web, although the state-owned airline said all payment details appeared to be secure.
In a letter to customers, TAP claimed that last month’s cyberattack obtained people’s names, nationalities, email and home addresses, phone contacts and frequent flyer numbers from its servers.
“The disclosure of personal data through open sources could increase the risk of their illegal use, namely aimed at obtaining other data that could compromise digital systems in fraudulent attempts such as phishing,” explained TAP.
“There is no evidence that payment data was retrieved from TAP systems,” it said.
TAP also claimed it took immediate containment measures to keep its systems running and other data safe.
The Portuguese airline has not announced the number of customers affected, which local media estimate at around 1.5 million. The military was also targeted.
TAP urged customers to be cautious of unsolicited contacts requesting personal information and urged them not to click on links and attachments in suspicious emails. It also recommended changing passwords to stronger ones and said it would refrain from further contact with individual customers about the issue to avoid confusion.
TAP CEO Christine Ourmieres-Widener told reporters the airline is “very serious about customer data” and said the incident was troubling.