Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > TAP Air Portugal | Miles&Go
Reload this Page >

Trouble logging in to Website? Cyberattack August-September 2022

Trouble logging in to Website? Cyberattack August-September 2022

Old Oct 26, 22, 4:23 pm
  #61  
 
Join Date: Nov 2002
Location: SEA/YVR/BLI
Programs: UA "Lifetime" Gold and Silver Wings, AS MVPG100K, HH Diamond, IC Plat, Marriott Gold, Hertz Gold
Posts: 9,381
We just got an alert also from one of our security outfits that we were "compensated" with after some other company's data breach. I'm a little surprised there's no requirement that they get in touch with customers who might have been affected.
Fredd is offline  
Old Oct 27, 22, 4:00 am
  #62  
Accor Contributor Badge
 
Join Date: May 2015
Location: WAW / TBS
Programs: Flying Blue Platinum / Accor Platinum / Hilton Diamond / TAP Miles&Go Gold / IHG One Platinum
Posts: 2,199
Originally Posted by Fredd View Post
security outfits that we were "compensated"
whats a security outfit ?

Originally Posted by Fredd View Post
I'm a little surprised there's no requirement that they get in touch with customers who might have been affected.
depends which country they are from and where customers are located
fifty_two is offline  
Old Oct 27, 22, 10:14 am
  #63  
 
Join Date: Nov 2002
Location: SEA/YVR/BLI
Programs: UA "Lifetime" Gold and Silver Wings, AS MVPG100K, HH Diamond, IC Plat, Marriott Gold, Hertz Gold
Posts: 9,381
Originally Posted by fifty_two View Post
whats a security outfit ?
I wrote imprecisely. To be more specific, I was referencing so-called identity theft protection companies, e.g. Lifelock. I'm currently enrolled in a Mastercard "id protection service" as compensation for a data breach. That's where I learned of this breach. I'm sure I'm not the only one to have gotten several such memberships over the past few years.

depends which country they are from and where customers are located
Well, yes. Given the information provided in this post, it's apparently not the case in Portugal, i.e. "Please note that following this public announcement, TAP will not send direct messages on this subject to individual customers by any means."
Fredd is offline  
Old Oct 31, 22, 5:32 am
  #64  
 
Join Date: Apr 2009
Location: HEL
Programs: BA Gold, AY Gold
Posts: 581
I have two bookings with TP and can't access either through "My Trips". Is this related too the issues above?
Alec84 is offline  
Old Nov 7, 22, 10:09 am
  #65  
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
 
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 57,690
I sent an email to the Data Protection Officer's email address [email protected] on 30 September , asking them to confirm whether my data had been stolen and if so, what aspects of my personal data had been taken. Today (7 November) I received this reply.

Originally Posted by TAP Data Protection Officer
Dear Customer,

Please forgive us for this late response, but we are able now to confirm that your data was exposed during an unauthorised access to part of TAP's computer systems.

You (sic., they mean "we") are deeply sorry that this incident has affected you.

Your personal data that was breached are: name, surname, gender, date of birth, address, e-mail, telephone contact, customer registration date and frequent flyer number.

Initially TAP was sending individual emails to affected customers. However, once the full extent of the affected customers became clear, TAP stopped sending individual communications. Instead, TAP opted for issuing a public communication on September 21st, in compliance with the provisions of the General Data Protection Regulation.

Although the access password for Miles&Go or the clients' reserved area is not among the affected data, we recommend, as a precaution, that you check the security conditions you use to access your reserved area, namely by using a strong password and changing it frequently.

We also recommend that you be wary of any unsolicited communications from suspicious email addresses in which you are asked for personal information and avoid clicking on links or downloading attachments from suspicious e-mail addresses. Communications sent by TAP do not contain this type of requests.

TAP has immediately set up a team of internal and external IT and forensic industry-leading experts to thoroughly investigate and prevent further damage. All affected systems have been isolated and the cleaning of those systems promoted. TAP operations were never affected – all TAP operations are running, safe and secure.

Specific measures taken by TAP include: deploying response and containment efforts with internal and external teams; deploying industry-leading experts for investigation and forensics; deploying an external team to support compromise recovery; and strengthening security measures in specific areas as a precaution.

At this time, the recovery of impacted systems is completed. There is no indication of threat actor activity on our infrastructure since the ransomware deployment.

TAP informed the Portuguese Privacy Authority (CNPD) of the incident on the 28th of August, as well as the Portuguese National Cyber Security Centre (CNCS). In addition to CNPD and CNCS, TAP also notified the Portuguese Criminal Police and the National Civil Aviation Authority (ANAC) and has been in contact with these relevant authorities since then.

Law enforcement authorities are investigating the events so that attackers can be made liable for all damages caused.

Thank you for your understanding,

Best regards,

Anabela Lopes
Encarregada de Proteo de Dados | Grupo TAP
Data Protection Officer (DPO) | TAP Group
corporate-wage-slave is online now  

Thread Tools
Search this Thread