This year TAP Air Portugal joined a growing list of organizations affected by cyberattacks. Around 6.1 million customer records surfaced online after a ransomware incident linked to the Ragnar Locker group, later documented by Have I Been Pwned.
The exposed data didn’t include passwords or payment details. Instead, it contained names, email addresses, phone numbers, dates of birth, nationalities, and other personal information, the kind of data that allows attackers to map identities, craft credible phishing campaigns, and exploit trust.
This breach isn’t about immediate account takeovers. It’s about long-term, secondary risk. Attackers can leverage this information months or even years later, targeting users with messages that feel legitimate because they reference real personal details.
TAP confirmed that financial data wasn’t accessed, and there’s no public evidence contradicting this. Still, the fact remains: if the data wasn’t valuable, it wouldn’t have been stolen and shared.
For users affected, the key takeaway is to treat this exposure as persistent. Be cautious with airline-related emails and messages, avoid reusing personal details as security answers elsewhere, and assume your information could resurface in future scams.
Security isn’t just about passwords.
It’s about how much of your identity exists outside your control.
