What Happened
In August 2022, Flytap.com, the website operated by TAP Air Portugal, suffered a ransomware attack by the Ragnar Locker gang, who gained unauthorized access to IT systems, stole sensitive customer data, and leaked it on dark web sites after ransom demands went unmet. The breach exposed personal information of approximately 6.1 million accounts (over 5 million unique email addresses), including names, dates of birth, genders, nationalities, phone numbers, physical addresses, frequent flyer numbers, and other identifiers, totaling up to 581GB or more, though no payment data was compromised. TAP detected the intrusion early, contained it with expert help, notified affected customers, and advised password changes and phishing vigilance, marking it as the airline’s first major incident. A separate 1.04GB leak labeled “Flytap 08-2022” was posted by hacker “frog” in November 2023, likely tied to the same event.
