Scandinavian Airlines (SAS) has reported that a recent cyberattack on its website and mobile app. This attack led to the exposure of customer data. The airline told passengers that the multi-hour outage was because by the cyberattack. It led the exposure of contact details, upcoming and previous flights, and the last four digits of credit card numbers. The airline confirms that there was a minimal risk of exposure. The financial information was only partially leaked and was not easily exploitable.

Hacktivist group claims responsibility for SAS cyberattack

The group ‘Anonymous Sudan’ claimed responsibility for the cyberattack, citing an incident in front of the Turkish embassy in Stockholm, Sweden, on January 21, 2023, where a far-right nationalist group burnt a copy of the Holy Quran in protest to Turkey’s objections over Sweden’s NATO membership bid. SAS, as the flagship carrier of Sweden, Denmark, and Norway, was under targetby the group to express their condemnation of the incident. The same group also targeted Sweden’s national public television broadcaster, SVT, earlier in the week, forcing a temporary outage.

SAS emphasizes preventive measures for cybersecurity

SAS clarified that passport details were not exposed, and the airline is closely monitoring the situation and evaluating the attack’s consequences. In response, the airline has vowed to take preventive measures and is working with the national Civil Aviation Agency, police, and security police. SAS emphasizes the need for organizations to have enhanced cybersecurity measures in place to prevent cyberattacks and data breaches.

Cybersecurity best practices for business

To safeguard against cyber threats, organizations must implement robust cybersecurity measures, such as regular cybersecurity assessments, employee awareness training, multi-factor authentication, incident response planning, and partnering with cybersecurity experts. The SAS cyberattack serves as a reminder for businesses to prioritize cybersecurity measures to protect their systems and data.

The cyberattack on SAS and other organizations worldwide highlights the need for enhanced cybersecurity measures. Businesses must be proactive in protecting their systems and data against emerging cyber threats by implementing appropriate cybersecurity measures. By prioritizing cybersecurity, businesses can safeguard their operations and protect their customers’ sensitive information from cybercriminals.