The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data.
On August 26, the Portugues company announced via Twitter that it was hit by a cyber attack and that it was able to neutralize it.
Despite the message, some users were not able to access their accounts on the company website.
On August 31, the Ragnar Locker ransomware gang announced to have breached the airline’s infrastructure and exfiltrated the data of its customers.
“Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised).” reads the message published by the gang on its leak site. “Now try to guess what happens if someone (guess who?) will provide the huge amount of irrefutable evidence, which will shows that official statement of Tap Air – is not true. The incident that occurred with them on Friday – in terms of the compromised personal data scale, it exceeds even the incident with company Easy jet.”
The ransomware group published screenshots of the stolen data, which allegedly includes names, addresses, email addresses, phone numbers, corporate IDs, travel information, nationality, gender, and other personal information.
At the time of this writing, the company only published an alert about the website and app instability on its website on September without mentioning the data breach.
(SecurityAffairs – hacking, TAP Air Portugal)