The cyber attack against SAS meant that customers gained access to other users’ personal information. With high pressure for data breaches against Norwegian businesses, the Norwegian Data Protection Authority is asking individuals to be vigilant.
– We are in dialogue with SAS, where we are trying to understand how this has happened, and how it may affect Norwegian interests. It’s about support for their handling, but also the information needs we have, says Deputy Director and Deputy Head of the National Security Centre, Gullik Gundersen, to VG.
The Scandinavian airline SAS was exposed to a cyber attack on Tuesday. This led to the websites and app being down for a few hours on Tuesday afternoon and evening.
Several customers also experienced being logged into other people’s user accounts, with access to passenger data and the last four digits of the credit card numbers.
Just before 2pm on Wednesday, SAS assured that the situation was under control and that it was safe to use their services again.
– We are following the situation and are paying attention to what is going on, says Gundersen.
– We take this seriously
SAS states that several other companies and actors were affected by the attack, without wanting to specify which ones.
– We are working hard to evaluate the attack, and not least to prevent any new attacks, says communications manager at SAS Norway, Tonje Sund, to VG.
SAS is now working to inform customers who were affected by the attack, and has published information on its own websites.
– We take this seriously. We continue to follow the situation closely, says the communications manager.
Privacy under pressure
The attack against SAS is one of several cyber attacks against Norwegian businesses recently, according to Janne Stang Dahl, director of communications at the Norwegian Data Protection Authority.
– There are attacks all the time. For example, there have been attacks in several municipalities recently, which we have registered, she tells VG.
She points out that there is a lot of “movement” at the moment, and links it to troubled political conditions.
Such attacks pose a threat to the individual’s privacy, Dahl points out, and point the finger at public and private companies’ systems for information security.
– Privacy is under pressure. We can’t say it enough. Make sure you have good routines for how you process customer and public information. It is vulnerable, says the director of communications at the Norwegian Data Protection Authority.
– What can we as individuals do to protect our personal information?
– What you should look for when you share information about yourself is what it will be used for, says Dahl and points out that all websites are required to have a privacy policy that states how the personal information about you is used.
– So should one start READING privacy statements?
– Yes, the advice is to look through these. But businesses are obliged to say in a simple way how personal data about you is used, stored and shared. The important thing is that they are treated and used in a responsible manner.
