TAP Air Portugal 2022 Data Breach

TAP Air Portugal Airline Breach (2022): 6.1 Million Passenger Records Including Nationality, DOB & Home Address Exposed via Ragnar Locker Ransomware | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Ragnar LockerRansomware / ExtortionTravel: AirDate of BirthEmail AddressFull NameGenderNationality or CitizenshipPhone NumberPhysical Address
Low SeverityWebsite / service breach

TAP Air Portugal Airline Breach (2022): 6.1 Million Passenger Records Including Nationality, DOB & Home Address Exposed via Ragnar Locker Ransomware

Portuguese flag carrier airline.

Verified by ObscureIQ Intelligence
17/100Breach Risk Index
8Data Value
10Market Recency
1384dSince Breach

Breach Intelligence Summary

Entity: TAP Air Portugal · Actor: Ragnar Locker · Sources: 3 references
Attack: Ransomware / Extortion
Profile: Company · Passenger air transportation · National airline · Portugal / Global
Timeline: Breach (2022-08-25) · Indexed (Sep 23, 2022) · Year (2022)
Exposure: 6.1M records · 9 fields: Date of Birth, Email Address, Full Name, Gender, Nationality or Citizenship, Phone Number, Physical Address, Salutation, Spoken Language
Status: Confirmed

Executive Summary

In August 2022, the Ragnar Locker ransomware gang attacked TAP Air Portugal and exfiltrated customer data, later leaking it on a dark-web site. The exposed set covered over 5 million unique email addresses (about 6.1 million records) and included names, salutations, dates of birth, genders, nationalities, phone numbers, physical addresses, spoken languages, and frequent-flyer numbers.

ObscureIQ assessment: Exposure enables travel fraud, phishing, booking impersonation, and physical-world targeting. Itinerary and loyalty data can also reveal movement patterns and likely absence from home.

Breach Impact

The rich identity set (name, DOB, nationality, address, phone) supports identity fraud and targeted phishing; the exposure of high-profile individuals including the Portuguese president heightens the targeting risk.

About TAP Air Portugal

TAP Air Portugal is the flag carrier airline of Portugal, operating domestic and international flights and a frequent-flyer program.

Why They Hold Your Data

Airlines collect passenger identity, contact details, booking records, payment-adjacent information, itinerary data, loyalty accounts, and customer-service interactions across travel operations.

Recent Developments

TAP confirmed the cyberattack; the Ragnar Locker gang leaked the stolen data on its dark-web site, and among those affected were the Portuguese president and various government figures.

Data Points Exposed

9 verified field types
Date of Birth High
Email Address
Full Name High
Gender
Nationality or Citizenship High
Phone Number
Physical Address High
Salutation
Spoken Language

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • Targeted visa & government scams
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Professional impersonation seeding
  • Targeted phishing localization

Threat Actor: Ragnar Locker

Ragnar Locker
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the TAP Air Portugal breach?

In August 2022, the Ragnar Locker ransomware gang attacked TAP Air Portugal and exfiltrated customer data, later leaking it on a dark-web site. The exposed set covered over 5 million unique email addresses (about 6.1 million records) and included names, salutations, dates of birth, genders,…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Nationality or Citizenship, Phone Number, Physical Address, Salutation, Spoken Language.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
Dehashed
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation