ragnarlocker attacks TAP Air Portugal
Incident Date:
September 19, 2022
Overview
Title
ragnarlocker attacks TAP Air Portugal
Victim
TAP Air Portugal
Attacker
Ragnarlocker
Location
First Reported
September 19, 2022
Ragnar Locker Ransomware Attack on TAP Air Portugal
In August 2022, TAP Air Portugal, the flag carrier of Portugal, fell victim to a cybersecurity breach orchestrated by the Ragnar Locker ransomware gang. This incident led to the unauthorized disclosure of over five million unique email addresses. Additionally, sensitive personal information such as names, genders, dates of birth, phone numbers, and physical addresses were compromised and subsequently leaked on a public dark web site.
As the largest airline in Portugal, TAP Air Portugal accounted for more than half of the traffic at Lisbon International Airport in 2019. The airline has historically emphasized its dedication to the security of customer data. CEO Christine Ourmieres-Widener has publicly affirmed the company's commitment to safeguarding personal information against cyber threats.
The specific vulnerabilities exploited in this attack have not been detailed in public disclosures. Nonetheless, it is clear that the attackers successfully infiltrated the airline's digital infrastructure and extracted sensitive customer data. This breach underscores the critical need for continuous enhancement of cybersecurity protocols to deter such threats.
Sources
- FlyTAP – TAP's official website
- Account Data Breach: TAP Air Portugal - DOIT (UMBC)
- Portugal's TAP says hackers stole, published passengers' personal data - Reuters
- Ragnar Locker ransomware claims attack on Portugal's flag airline - BleepingComputer
- TAP Air Portugal confirms hack, as Ragnar Locker gang leaks data - ZDNet
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.