Important notice to customers

The information presented on this webpage envisages to provide additional details to customers who were affected by a non-authorized access to TAP’s systems in August 2022.
The security of our customers and their data is our highest priority. Our customers may count on TAP to continue taking all necessary measures to take care of their data.

Frequently asked questions

In August, TAP Air Portugal (TAP) detected an unauthorized third-party access to certain IT systems. TAP is prepared for such a scenario and immediately set up a team of internal and external IT and forensic experts to thoroughly investigate and prevent further damage.

Thanks to the cyber security systems and quick actions by the internal IT team, the intrusion was contained in an early stage before any impairment of the operational processes occurred. TAP operations are effectively running in all areas. Unfortunately, some data was stolen by the hackers and is being publicly released. Information affected may include data such as name, contact details, demographic information and frequent flyer number. The information for each affected customer may vary. As for the moment, there is no indication that sensitive information, in particular payment data, was exfiltrated.

This intrusion was aimed to harm TAP Air Portugal as well as its customers. The security of our customers and business partners and their data is our highest priority. We will therefore continue to take all necessary measures to protect them.

Please call 800204692 (for Portugal only) or +442036953214 (international) for further information. Customers can also contact TAP’s data protection officer, via e-mail at [email protected]. We would recommend customers not to use the ordinary TAP contacts as we have deployed a dedicated service line to support you in this respect.

We thank you for your understanding and apologise for any inconvenience.

Due to the early detection of the intrusion, there is no impairment on TAP’s operational processes. Our customers can continue to safely travel with our airline.

Unfortunately, some data from customers has been affected. Information affected may include data such as name, contact details, demographic information and frequent flyer number. The information for each affected customer may vary. As for the moment, there is no indication that sensitive information, in particular payment data was exfiltrated.

TAP is prepared for such a scenario and immediately set up a team of internal and external IT and forensic industry-leading experts to thoroughly investigate and prevent further damage. All affected systems have been isolated and the cleaning of those systems promoted. The good news is: TAP operations were never affected – all TAP operations are running, safe and secure.

Specific measures taken by TAP include: deploying response and containment efforts with internal and external teams; deploying industry-leading experts for investigation and forensics; deploying an external team to support compromise recovery; and strengthening security measures in specific areas as a precaution.

Thanks to the cyber security systems and quick actions by the internal IT team, the intrusion was contained at an early stage. Hence, no impairment of the operational processes occurred. Our customers can continue to safely travel with our airline.

Unfortunately, some data was stolen by the hackers and publicly disclosed. Information affected may include data such as name, contact details, demographic information and frequent flyer number. The information for each affected customer may vary. As for the moment, there is no indication that sensitive information, in particular payment data was exfiltrated.

The data was leaked on the attackers’ data leak site. Hackers operate such dedicated leak sites hidden in the “dark web”. The dark web describes a part of the World Wide Web that cannot be accessed via search engines such as Google or via commonly used web browsers. Instead, a special browser is required to access websites within the dark web.

Hackers are publishing the data illegally obtained on the dark web. Disclosure of personal data through open sources may increase the risk of its illegitimate use, namely with the purpose of obtaining other data that may compromise digital systems to perpetrate fraud (phishing).

Since certain data exfiltration was confirmed only recently, the affected customers, who are in a limited number, are being informed. TAP will only contact customers’ which data has been affected to support them in this respect. Customers may obtain further clarifications or information by contacting TAP’s data protection officer, via e-mail at [email protected]. We would recommend customers not to use the ordinary TAP contacts as we have deployed a dedicated service line to support you in this respect.

We have communicated directly with certain customers we identified as affected by this issue to make them aware of the matter by email. If you have not received an email is because we have not identified you as an affected customer. Please note that TAP is not communicating with customers by any other means, namely by phone or social media. The protection of our customers and their data always has the highest priority at TAP and should we determine that the incident requires further notification we will contact customers accordingly.

Although the access password for Miles&Go or customers’ reserved area is not among the affected customer data, as a matter of precaution, we recommend you check the security conditions you use to access your reserved area, namely by using a strong password and changing it frequently. We also recommend you stay cautious of any unsolicited communications that ask for your personal information and avoid clicking on links or downloading attachments from suspicious emails.

Customer password may be changed at FlyTap website by selecting login at the top right of the page and choosing “Don’t remember/change my password”. A window to “recover/change my password” will pop-up for you to insert your email address. You will receive an email with a link to reset the password and register a new access password.

At this time, we have no indication that employee data has been exfiltrated or leaked. We continue to work at full speed to reconstruct the extent of the intrusion and to inform any affected people.