The Ragnar Locker ransomware gang says it has exfiltrated customer data in a cyberattack on Portuguese state-owned flag carrier airline TAP Air Portugal.
The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data.
“TAP was the target of a cyberattack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability. Thank you for your understanding,” the company said.
On August 31, however, the Ragnar Locker ransomware gang boasted on their leaks website that the airline’s systems were in fact breached and that customer data was exfiltrated.
The threat actor also attempted to shame TAP, claiming that the data breach could result in the largest lawsuit in history, inferring that the personal information of at least hundreds of thousands of TAP customers was impacted in the incident.
The gang also posted a screenshot allegedly proving that data was indeed stolen during the cyberattack. The screenshot appears to include names, addresses, email addresses, phone numbers, corporate IDs, travel information, nationality, gender, and other personal information.
An alert that TAP published on its website on September 1 makes no mention of a data leak, but does inform customers that “the website and the app are still registering some instability.”
SecurityWeek has contacted TAP for a comment on the Ragnar Locker gang’s claims and will update this article as soon as a reply arrives.
Related: Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier
Related: FBI Warns of RagnarLocker Ransomware Attacks on Critical Infrastructure
Related: Ragnar Locker Ransomware Uses Virtual Machines for Evasion
More from Ionut Arghire
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
- US Sanctions North Korean University for Training Hackers
- New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments
Latest News
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Security Pros: Before You Do Anything, Understand Your Threat Landscape
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million

