SAS confirms passenger data breached during Valentine’s Day attack
SAS Airlines confirms passenger data was breached during a Valentine's Day cyberattack, Anonymous Sudan claims responsibility.
Scandinavian Airlines (SAS) has confirmed that passenger data was compromised during the February 14 cyberattack that knocked the airline’s website and mobile app offline for multiple hours.
During the hours-long attack, customers reported logging into the SAS app and having access to the wrong accounts, showing them flight itineraries and other personal details for those accounts.
The Cybernews team found the SAS website returning HTML code when searching for flights during the outage.
The airline put out a statement Thursday on its website confirming “that the affected passengers’ contact details, previous and upcoming flights, as well the last four digits of the credit card number were visible.”
The carrier also stated that passport details and EuroBonus points were not compromised.
Anonymous Sudan has since taken responsibility for the SAS attack.
They also claimed responsibility for the Valentine’s Day cyber attack targeting Sweden's national public television broadcaster, SVT, earlier that day.
The group warned of attacking Sweden in a 'Happy Valentine's Day' Telegram post – in retaliation for the burning of a Koran during demonstrations that took place in Stockholm this January.
“We will continue the attacks in a large and violent manner, if an official apology is not issued by the Swedish government regarding the burning of the Quran,” the group said.
Fears that pro-Russian hackers were backing the group were also confirmed after a faction known as UserSec posted on Telegram they were helping Anonymous Sudan target Swedish airports.
“Attacks like this often come in batches and more attacks are likely to come in the near future. However, this should not impact any passenger data,” SAS stated.
“We are monitoring the situation closely and continue the work to analyze and evaluate the attack and related consequences, as well as take preventive measures,” the airlines stated.
The carrier also noted they have been cooperating with the national CAA (Civil Aviation Agency), police, and security police on this and all security matters per usual.
SAS is the flagship carrier for Denmark, Norway and Sweden.
More from Cybernews:
Android game with 1m downloads leaked users’ private messages
India-linked group used Telegram to mastermind cyberattacks across Asia, says analyst
UK surveillance watchdog issues warning over Chinese cameras
Russia launches “Oculus” tool to monitor banned information online
Royal Mail called LockBit’s $80m ransom demand “absurd”
Subscribe to our newsletter
Your email address will not be published. Required fields are marked