Scandinavian Airlines says cyberattack caused passenger data leak

Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data.

The cyberattack caused some form of a malfunction on the airline’s online system, causing passenger data to become visible to other passengers. This data includes contact details, previous and upcoming flights, as well the last four digits of the credit card number.

“Last night SAS, alongside several other companies, were subjected to a cyberattack that led to our website and app being down for a few hours. Furthermore, some passengers’ data became visible to other passengers who were active during the ongoing attack.” – SAS.

The airline, which operates a fleet size of 131 aircraft and flies people to 168 destinations, says the risk of this exposure is minimal, as the leaked financial information is only partial and cannot be easily exploited. Also, it clarifies that no passport details have been exposed.

However, full names and contact information is enough to allow threat actors and scammers to perform targeted phishing attacks if they accessed the exposed data during the attack.

“We always cooperate with the national CAA (Civil Aviation Agency), police, and security police when security matters are concerned – irrespective of the issue in question,” concludes the SAS statement.

“We are monitoring the situation closely and continue the work to analyze and evaluate the attack and related consequences, as well as take preventive measures.”

‘Anonymous Sudan’ takes responsibility

As reported by TheRecord, the attack on SAS was claimed by a group of so-called hacktivists called ‘Anonymous Sudan,’ who posted a statement about the attack on their Telegram channel.

Anonymous Sudan Telegram
Anonymous Sudan Telegram
(Protergo)

The threat actors state they attacked SAS due to an event that took place in front of the Turkish embassy in Stockholm, Sweden, on January 21, 2023, where a far-right nationalist group burnt a copy of the Holy Quran in protest to Turkey’s objections over Sweden’s NATO membership bid.

This act has drawn condemnation from Muslims worldwide, Sudan included. SAS being the flagship carrier of Sweden (and also Denmark and Norway) became a target for hacktivists seeking to express their condemnation.

The same group of actors hit SVT earlier this week, forcing Sweden’s national public television broadcaster into a temporary outage. 

IT security experts questioned by SVT stated that it’s likely that Russian hackers are conducting the attacks or at least aiding the Sudanese group with firepower and know-how.

Leave a Comment

Your email address will not be published. Required fields are marked *