September 28, 2022
The Ragnar Locker ransomware gang says it has exfiltrated customer data in a cyberattack on Portuguese state-owned flag carrier airline TAP Air Portugal. The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data. “TAP was the…

The Ragnar Locker ransomware gang says it has exfiltrated customer data in a cyberattack on Portuguese state-owned flag carrier airline TAP Air Portugal.

The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data.

“TAP was the target of a cyberattack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability. Thank you for your understanding,” the company said.

On August 31, however, the Ragnar Locker ransomware gang boasted on their leaks website that the airline’s systems were in fact breached and that customer data was exfiltrated.

The threat actor also attempted to shame TAP, claiming that the data breach could result in the largest lawsuit in history, inferring that the personal information of at least hundreds of thousands of TAP customers was impacted in the incident.

The gang also posted a screenshot allegedly proving that data was indeed stolen during the cyberattack. The screenshot appears to include names, addresses, email addresses, phone numbers, corporate IDs, travel information, nationality, gender, and other personal information.

An alert that TAP published on its website on September 1 makes no mention of a data leak, but does inform customers that “the website and the app are still registering some instability.”

SecurityWeek has contacted TAP for a comment on the Ragnar Locker gang’s claims and will update this article as soon as a reply arrives.

Related: Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier

Related: FBI Warns of RagnarLocker Ransomware Attacks on Critical Infrastructure

Related: Ragnar Locker Ransomware Uses Virtual Machines for Evasion

Ionut Arghire is an international correspondent for SecurityWeek. Previous Columns by Ionut Arghire:Tags:
Source