Scandinavian Airlines confirms cyberattack that exposed customer data
Scandinavian Airlines revealed in a security notice published on the SAS Group website that it was the victim of a cyberattack. The attack, which was carried out on February 14, 2023, caused the organization's mobile apps and website to become unavailable.
SAS is investigating the incident at the time of writing, but it has confirmed already that data of some passengers "became visible to other passengers who were active during the ongoing attack". In other words: SAS passengers who used mobile apps or the website while the attack was ongoing, could have had access to data of other passengers.
It is unclear during which time periods this happened. A likely scenario is that it happened before services went offline, but SAS Group does not provide details on that.
According to the security notice, passengers were able to access the following details of other SAS passengers:
- Contact details.
- Previous and upcoming flights.
- The last four digits of the customer's credit card number.
SAS Group reassures customers that the last four digits of credit card numbers are not sufficient to exploit the information. Furthermore, it notes that passport details or EuroBonus points were not visible to other passengers either.
The group did not reveal the number of customers that were affected by the cyberattack. It warned customers that it is expecting additional attacks in the near future, as similar attacks happen to "come in batches" often.
It is working with the national Civil Aviation Agency, police and security policy in all security matters. The group noted in a statement that it continues to monitor the situation: "We are monitoring the situation closely and continue the work to analyze and evaluate the attack and related consequences, as well as take preventive measures".
SAS is the flagship carrier of the Nordic countries Denmark, Sweden and Norway. It operates a fleet of 131 aircraft and offers flights to 168 different destinations.
Additional information on the cyberattack
A report by The Record suggests that a hacking group that calls itself Anonymous Sudan is responsible for the attack. The group posted a statement about the attack on its Telegram channel.
The hacking group stated that its attack on SAS is a response to the burning of the Quran during a rally in Stockholm, Sweden, earlier this year. Sweden issued a ban over another rally earlier this month that would also have included the burning of a Quran.
Attacks are also carried out against other targets, including Swedish airports and targets in Bahrain.
Closing Words
SAS Group, like many airlines worldwide, has been impacted significantly by the Covid epidemic. Air traffic was grounded or limited during the epidemic. For SAS Group, it meant filling voluntarily for Chapter 11 in the United States to accelerate its "comprehensive business transformation plan". (via Bleepingcomputer)