Security News > 2023 > February > Scandinavian Airlines says cyberattack caused passenger data leak
Scandinavian Airlines has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data.
The cyberattack caused some form of a malfunction on the airline's online system, causing passenger data to become visible to other passengers.
"Last night SAS, alongside several other companies, were subjected to a cyberattack that led to our website and app being down for a few hours. Furthermore, some passengers' data became visible to other passengers who were active during the ongoing attack." - SAS. The airline, which operates a fleet size of 131 aircraft and flies people to 168 destinations, says the risk of this exposure is minimal, as the leaked financial information is only partial and cannot be easily exploited.
Full names and contact information is enough to allow threat actors and scammers to perform targeted phishing attacks if they accessed the exposed data during the attack.
"We are monitoring the situation closely and continue the work to analyze and evaluate the attack and related consequences, as well as take preventive measures."
The threat actors state they attacked SAS due to an event that took place in front of the Turkish embassy in Stockholm, Sweden, on January 21, 2023, where a far-right nationalist group burnt a copy of the Holy Quran in protest to Turkey's objections over Sweden's NATO membership bid.