IT breach at airline SAS gives passengers access to each other’s payment information

Several customers with Scandinavian airline SAS were late on Tuesday able to see personal information that did not belong to them after a cyberattack which froze the company’s website.
Visible information included customers’ contact information plus the last four numbers of their payment cards.
The issue was confirmed by SAS in an update on Wednesday.
The company stressed that the information is not at risk of being misused.
Customers were also briefly able to view passport details belonging to other customers, however.
SAS did not state whether the perpetrator of the cyberattack is known to the company.
But such attacks often come in clusters, meaning similar issues could occur again in the near future, it said.
The company also said it works closely with police on security issues including the latest cyberattack.
“We are monitoring the situation closely and are continuing the work of analysing and evaluating the consequences of the attack,” the company said.
“In addition, we are working to bring in preventative measures,” it also said.
Several websites in Sweden were targeted in cyberattacks on Tuesday, including the national broadcaster SVT and the Swedish health service.
Hacker group Anonymous Sudan claimed responsibility for these attacks, citing recent burnings of the Quran by far-right activist Rasmus Paludan as its motive.
A link to the attack on SAS is neither confirmed nor unconfirmed.
Comments
See Also
Visible information included customers’ contact information plus the last four numbers of their payment cards.
The issue was confirmed by SAS in an update on Wednesday.
The company stressed that the information is not at risk of being misused.
Customers were also briefly able to view passport details belonging to other customers, however.
SAS did not state whether the perpetrator of the cyberattack is known to the company.
But such attacks often come in clusters, meaning similar issues could occur again in the near future, it said.
The company also said it works closely with police on security issues including the latest cyberattack.
“We are monitoring the situation closely and are continuing the work of analysing and evaluating the consequences of the attack,” the company said.
“In addition, we are working to bring in preventative measures,” it also said.
Several websites in Sweden were targeted in cyberattacks on Tuesday, including the national broadcaster SVT and the Swedish health service.
Hacker group Anonymous Sudan claimed responsibility for these attacks, citing recent burnings of the Quran by far-right activist Rasmus Paludan as its motive.
A link to the attack on SAS is neither confirmed nor unconfirmed.
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.