San Francisco International Airport Discloses Possible Data Breach

San Francisco International Airport (SFO) experienced a cyberattack in March 2020 that may have impacted users who accessed SFOConnect.com and SFOConstruction.com, according to a memo sent to all airport commission employees last week. Users who accessed these websites from outside the airport's network via Internet Explorer on a Windows-based personal device may be affected by the cyberattack.

Cybercriminals inserted malicious code on SFOConnect.com and SFOConstruction.com to steal users' login credentials, the memo indicated. As such, they may have been able to access some users' login information for their personal devices during the attack.

SFOConnect.com and SFOConstruction.com were taken offline after the cyberattack was discovered, the memo stated. In addition, the malicious code used during the cyberattack was removed from both websites, and the airport reset all SFO-related email and network passwords on March 23.

SFO is encouraging any SFOConnect.com and SFOConstruction.com users who may have been affected by the cyberattack to change the password for their personal devices. It also is urging these users to change any login credentials that leverage the same username and password combination.

Cybercriminals Attack New York Airport

The potential SFO data breach comes after hackers in December 2019 used Sodinokibi ransomware to attack the Albany County Airport Authority.

Cybercriminals initially targeted LogicalNet, a hosting provider and MSP in Schenectady, New York. They then penetrated the airport's servers and backup servers.

The airport's insurance carrier paid the cyber ransom. Furthermore, cybercriminals shared a decryption key with the airport after the ransom was paid, and the airport recovered its encrypted data.