TAP Air Portugal Data Breach: What Happened in August 2022?

In early August 2022, TAP Air Portugal—one of the country's largest airlines—fell victim to a ransomware attack that exposed the personal information of millions of passengers. The breach came to light after attackers released a substantial trove of stolen data, including over 5 million unique email addresses, on a public dark web site. This incident not only impacted the airline but also left a wide swath of its customers with their private details circulating in criminal forums. Among the exposed information were full names, dates of birth, genders, phone numbers, physical addresses, and various other personal identifiers. In total, more than 42 million records were compromised, with the highest-profile leak consisting of 6.1 million unique records. The breadth of this breach made it one of the most significant data incidents in the airline sector in recent years.

How Did the TAP Air Portugal Breach Happen?

The incident began in August 2022, when a ransomware group managed to penetrate TAP Air Portugal's IT systems. Attackers infiltrated the network, exfiltrated sensitive passenger data, and ultimately demanded a ransom. When their demands were not met, they responded by leaking the compromised data set online for anyone to download. This placed personal information of millions at risk and exposed TAP Air Portugal passengers to potential phishing campaigns and other privacy threats.

Types of Data Compromised

The range of information accessed in the breach was particularly broad. Exposed data included:

• Full names (including individual first, last, and full name variants)
• Dates of birth
• Name titles and gender
• Residential addresses (city, country, street details, and zip code)
• Email addresses (over 5 million unique emails leaked)
• Phone numbers
• Social identifiers
• Company affiliations

The nature of this leaked data increases risks for affected individuals, from identity theft to more targeted phishing attempts.

Timeline of the Breach

The breach is believed to have begun in early August 2022. TAP Air Portugal became aware of a system intrusion and initiated security protocols shortly after the incident. Once it became clear that their data was being published on dark web outlets, the airline disclosed the breach to authorities and began notifying affected customers. The criminals made the compromised data available on a public site, and by that point, it had already spread widely in the cybercrime community.

Scale and Impact

Over 42 million records were ultimately compromised in this breach. At least 6.1 million unique profiles appeared in the dataset, most involving passenger contact information and personal identifiers. Given the nature of airline operations, individuals potentially affected include frequent flyers, one-time passengers, and partners who interacted with TAP Air Portugal across various regions.

FAQ

How many people were affected by the TAP Air Portugal data breach?

More than 5 million unique individuals had their data exposed, with the compromised database totaling over 42 million records. The leak included emails, names, addresses, and more.

What information was leaked in the TAP Air Portugal breach?

The breach exposed a range of personal data: full names, dates of birth, gender details, email addresses, phone numbers, physical addresses, social identifiers, and company information.

When did the TAP Air Portugal breach take place?

The attack began in early August 2022, with data being leaked publicly shortly afterward when ransom demands were not met.

How did hackers gain access to TAP Air Portugal’s data?

Attackers used ransomware to breach the airline’s IT systems, exfiltrated data, and then leaked it online after negotiations failed.

How can i check if i'm in the TAP Air Portugal breach?

You can check if your information was part of the TAP Air Portugal breach by utilizing the DeHashed search engine.