Scandinavian Airlines mobile app cyberattack - Mobile Security Briefing 2023.083

On 14 Feb 2023, Scandinavian Airlines warned users to stop using their mobile app as they were under an active cyberattack and user’s may receive incorrect data, including other customer’s personal information including:

  • contact details
  • previous and upcoming flights
  • last four digits of the credit card number

The incident was resolved several hours later but additional details are not available at this time. The last updated was posted in the Newsroom section of the SAS website on February 15, 2023 12:56. An anonymous hactivist group took responsibility for the attack.

According to Simple Flying, the airline industry is struggling recently with cyberattacks and system issues including:

  • India’s Go First airline faced a breach of its Twitter account in 2022
  • TAP Air Portugal experienced a data breach in September 2022 with customer data posted on the dark web
  • Multiple US airports were targeted by Russian hackers in October 2022
  • Cathay Pacific lost significant customer data in 2018 passport details, email, and credit card details, of up to 9.4 million passengers from a cyberattack and was fined £500,000.

Southwest Airlines and the Federal Aviation Administration also both experienced system outages in late 2022 and Jan 2023 not only wrecking havoc on travel but also had implications for impact airline safety.