
Regarding the cyber-attack on TAP of August, 25, we would like to inform you of the following:
While TAP has immediately deployed the appropriate cyber security measures and procedures for this type of events with the support of an industry-leading international IT and forensic expert (Microsoft), the attackers had been able to illegitimately access personal data from our customers. Information released includes the following categories of personal data from our customers: name, nationality, gender, date of birth, address, email, telephone contact, customer registration date, and frequent flyer number. The information for each affected customer may vary. There is no indication that payment data was exfiltrated from TAP’s network.
TAP released a public notice on customer information to make customers aware of this matter, which is available at https://www.flytap.com/en-pt/important-information
Although the investigation is still ongoing, we currently believe that the personal data which has been accessed has come from TAP's customer database only. Since only 15% of the Windows Server infrastructure has been affected and no operational system was impacted, we believe that no partner customer data has been accessed. The security of our customers and business partners and their data is our highest priority. We will therefore continue to take all necessary measures to protect them.
Should the investigation meanwhile lead to a different conclusion, we would of course promptly update this information.
Please find here a message from TAP CEO.
Thank you for your patience and understanding.