Hackers targeted SAS’ website and reportedly leaked customer information from its app on the evening of February 14th. The problem was severe enough for the airline to warn its customers not to use the app until it was fixed.
Reuters spoke with Karin Nyman, head of press at SAS, who said that the airline was trying to work out a solution to protect the company website and app. She had earlier also told news agency TT that customers were at risk of getting false information from the app, so it was best not to use it. Reuters quoted her as saying, “We aren’t able to say a lot more right now as we are right in the attack right now.”
Interestingly, it wasn’t the only cyber attack making headlines in Sweden on Tuesday. The country’s national public television broadcaster, SVT, also found itself in a similar situation and had to be taken offline for some time. SVT released a statement, which said that a group calling themselves “Anonymous Sudan” had taken responsibility for the security breach.
Unfortunately, the SAS incident isn’t an isolated one and highlights the perpetual threat to the cyber security of airlines and airports around the world. Last year, India’s Go First airline faced a breach of its Twitter account when users noticed that the account’s profile picture displayed an image of Vitaly Dmitriyevich, a Canadian programmer and co-founder of Ethereum – a platform that deals with cryptocurrency.
In September, TAP Air Portugal reported that sensitive personal information of an undisclosed number of passengers was posted to the dark web. The airline noticed the data breach when it found that an unauthorized third party had access to several IT systems. It immediately deployed security measures to prevent the problem from growing any further.
In October, some major US airports faced a series of cyber attacks. A senior official briefed on the attacks said that they came from someone within the Russian Federation. Thankfully, the breach did not target any critical system.
One of the biggest airline cyber attacks in recent times targeted Cathay Pacific in 2018, in which personal data, including passport details, email, and credit card details, of up to 9.4 million passengers was accessed. The airline was fined £500,000 for failing to protect the information of its customers.