Scandinavian Airlines (SAS) has issued a notice warning passengers that a recent hour-long outage of its website and mobile app was caused by a cyberattack that also exposed customer data.
The cyberattack caused a form of malfunction in the airline’s online system, making passenger data visible to other passengers. This data includes contact details, previous and upcoming flights, and the last four digits of the credit card number.
The airline, which operates a fleet of 131 planes and flies passengers to 168 destinations, says the risk of this exposure is minimal, as the financial information disclosed is only partial and cannot be easily exploited. Furthermore, he clarifies that no passport details were exposed.
However, full names and contact details are sufficient to allow threat actors and scammers to perform targeted phishing attacks if they accessed data exposed during the attack.
“We always cooperate with the National CAA (Civil Aviation Agency), Police and Security Police where security matters are concerned – whatever the issue at hand,” the SAS statement concludes.
“We are monitoring the situation closely and continuing to analyze and assess the attack and its consequences, as well as take preventive measures.”
“Anonymous Sudan” takes responsibility
As reported by The recordthe attack on SAS was claimed by a group of so-called hacktivists called “Anonymous Sudan”, who posted a statement about the attack on their Telegram channel.
Threat actors say they attacked SAS because of an event that happened outside the Turkish Embassy in Stockholm, Sweden on January 21, 2023, where a far-right nationalist group burned a copy of the Holy Quran to protest Turkey’s objections. on Sweden’s application for NATO membership.
This act drew condemnation from Muslims around the world, including Sudan. SAS being the flagship carrier of Sweden (as well as Denmark and Norway) has become a target for hacktivists seeking to voice their condemnation.
The same group of actors hit SVT earlier this week, forcing Sweden’s national public broadcaster into a temporary hiatus.
IT security experts interviewed by SVT declared that Russian hackers are likely to be carrying out the attacks or at least assisting the Sudanese group with firepower and know-how.