The flag carrier for Norway, Sweden and Denmark, Scandinavian Airlines (SAS), recently posted a security advisory notice for passengers. The airline warned passengers that a multi-hour outage its mobile application and company website had experienced was the result of a targeted cyberattack. It also advised them that customer data was exposed in the incident.

Impact of a cyberattack

The attack on SAS led to some type of malfunction on its online systems, which led to private passenger data becoming visible to other customers of the airline. The data compromised during the event included personal contact details, upcoming and previous flights, along with financial details. Namely, the four final digits of their credit card numbers.

The security update from SAS read:

“Last night SAS, alongside several other companies, were subjected to a cyberattack that led to our website and app being down for a few hours. Furthermore, some passengers’ data became visible to other passengers who were active during the ongoing attack.”

The prominent airline, which currently operates a fleet of 131 aircraft transporting passengers to around 168 different destinations, commented that the risk level of the exposure is considered minimal as the financial data leaked is partial, making it difficult for attackers to exploit. The airline also confirmed that no passenger passport details were exposed to other passengers or threat operators while the cyberattack took place.

However, private data in the form of full passenger names and personal contact information was revealed and is enough to enable threat operators or scammers to conduct targeted phishing attacks should they have accessed the compromised data in the attack.

The recent statement from SAS commented on its liaison with local authorities and regulatory bodies, adding:

“We always cooperate with the national CAA (Civil Aviation Agency), police, and security police when security matters are concerned – irrespective of the issue in question. We are monitoring the situation closely and continue the work to analyse and evaluate the attack and related consequences, as well as take preventive measures.”

Attack group claim responsibility for cyberattack

The attack against SAS and other airlines was claimed by a threat group that calls itself ‘Anonymous Sudan,’ via a posted statement regarding the incident on its Telegram channel.

The hackers state they struck SAS in reaction to an incident that took place outside the embassy of Turkey in Sweden’s Stockholm this year in January. The event involved a nationalist extreme-right group burning an edition of the Quran to protest Turkey’s objections to Sweden’s attempts to become an official member of NATO.

The act has drawn widespread condemnation from members of the Muslim community worldwide, including Sudan. SAS was selected as a target to express the attack group’s condemnation due to it carrying the Swedish flag.

Anonymous Sudan also struck the broadcaster of national television in Sweden, creating a temporary outage for SVT.

IT security specialists questioned by the broadcaster commented that it is likely that hackers from Russia are performing the attacks or aiding the threat operators with technical expertise.