Trouble logging in to Website? Cyberattack August-September 2022
Oct 27, 2022, 3:00 am
#61
Join Date: May 2015
Location: RBA / TBS
Programs: AF Gold / Accor Gold / Hilton Diamond / TP Silver / A3 Gold
Posts: 2,746
whats a security outfit ?
depends which country they are from and where customers are located
depends which country they are from and where customers are located
Oct 27, 2022, 9:14 am
#62
Join Date: Nov 2002
Location: SEA/YVR/BLI
Programs: UA "Lifetime" Gold, AS MVPG100K, OW Emerald, HH Lifetime Diamond, IC Plat, Marriott Gold, Hertz Gold
Posts: 9,489
I wrote imprecisely. To be more specific, I was referencing so-called identity theft protection companies, e.g. Lifelock. I'm currently enrolled in a Mastercard "id protection service" as compensation for a data breach. That's where I learned of this breach. I'm sure I'm not the only one to have gotten several such memberships over the past few years.
Well, yes. 
Given the information provided in this post, it's apparently not the case in Portugal, i.e. "Please note that following this public announcement, TAP will not send direct messages on this subject to individual customers by any means."
depends which country they are from and where customers are located
Given the information provided in this post, it's apparently not the case in Portugal, i.e. "Please note that following this public announcement, TAP will not send direct messages on this subject to individual customers by any means."
Nov 7, 2022, 9:09 am
#64
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 63,783
I sent an email to the Data Protection Officer's email address [email protected] on 30 September , asking them to confirm whether my data had been stolen and if so, what aspects of my personal data had been taken. Today (7 November) I received this reply.
Originally Posted by TAP Data Protection Officer
Dear Customer,
Please forgive us for this late response, but we are able now to confirm that your data was exposed during an unauthorised access to part of TAP's computer systems.
You (sic., they mean "we") are deeply sorry that this incident has affected you.
Your personal data that was breached are: name, surname, gender, date of birth, address, e-mail, telephone contact, customer registration date and frequent flyer number.
Initially TAP was sending individual emails to affected customers. However, once the full extent of the affected customers became clear, TAP stopped sending individual communications. Instead, TAP opted for issuing a public communication on September 21st, in compliance with the provisions of the General Data Protection Regulation.
Although the access password for Miles&Go or the clients' reserved area is not among the affected data, we recommend, as a precaution, that you check the security conditions you use to access your reserved area, namely by using a strong password and changing it frequently.
We also recommend that you be wary of any unsolicited communications from suspicious email addresses in which you are asked for personal information and avoid clicking on links or downloading attachments from suspicious e-mail addresses. Communications sent by TAP do not contain this type of requests.
TAP has immediately set up a team of internal and external IT and forensic industry-leading experts to thoroughly investigate and prevent further damage. All affected systems have been isolated and the cleaning of those systems promoted. TAP operations were never affected – all TAP operations are running, safe and secure.
Specific measures taken by TAP include: deploying response and containment efforts with internal and external teams; deploying industry-leading experts for investigation and forensics; deploying an external team to support compromise recovery; and strengthening security measures in specific areas as a precaution.
At this time, the recovery of impacted systems is completed. There is no indication of threat actor activity on our infrastructure since the ransomware deployment.
TAP informed the Portuguese Privacy Authority (CNPD) of the incident on the 28th of August, as well as the Portuguese National Cyber Security Centre (CNCS). In addition to CNPD and CNCS, TAP also notified the Portuguese Criminal Police and the National Civil Aviation Authority (ANAC) and has been in contact with these relevant authorities since then.
Law enforcement authorities are investigating the events so that attackers can be made liable for all damages caused.
Thank you for your understanding,
Best regards,
Anabela Lopes
Encarregada de Proteção de Dados | Grupo TAP
Data Protection Officer (DPO) | TAP Group
Please forgive us for this late response, but we are able now to confirm that your data was exposed during an unauthorised access to part of TAP's computer systems.
You (sic., they mean "we") are deeply sorry that this incident has affected you.
Your personal data that was breached are: name, surname, gender, date of birth, address, e-mail, telephone contact, customer registration date and frequent flyer number.
Initially TAP was sending individual emails to affected customers. However, once the full extent of the affected customers became clear, TAP stopped sending individual communications. Instead, TAP opted for issuing a public communication on September 21st, in compliance with the provisions of the General Data Protection Regulation.
Although the access password for Miles&Go or the clients' reserved area is not among the affected data, we recommend, as a precaution, that you check the security conditions you use to access your reserved area, namely by using a strong password and changing it frequently.
We also recommend that you be wary of any unsolicited communications from suspicious email addresses in which you are asked for personal information and avoid clicking on links or downloading attachments from suspicious e-mail addresses. Communications sent by TAP do not contain this type of requests.
TAP has immediately set up a team of internal and external IT and forensic industry-leading experts to thoroughly investigate and prevent further damage. All affected systems have been isolated and the cleaning of those systems promoted. TAP operations were never affected – all TAP operations are running, safe and secure.
Specific measures taken by TAP include: deploying response and containment efforts with internal and external teams; deploying industry-leading experts for investigation and forensics; deploying an external team to support compromise recovery; and strengthening security measures in specific areas as a precaution.
At this time, the recovery of impacted systems is completed. There is no indication of threat actor activity on our infrastructure since the ransomware deployment.
TAP informed the Portuguese Privacy Authority (CNPD) of the incident on the 28th of August, as well as the Portuguese National Cyber Security Centre (CNCS). In addition to CNPD and CNCS, TAP also notified the Portuguese Criminal Police and the National Civil Aviation Authority (ANAC) and has been in contact with these relevant authorities since then.
Law enforcement authorities are investigating the events so that attackers can be made liable for all damages caused.
Thank you for your understanding,
Best regards,
Anabela Lopes
Encarregada de Proteção de Dados | Grupo TAP
Data Protection Officer (DPO) | TAP Group
