San Francisco International Airport victim of cyber-attack in March 2020

San Francisco International Airport (SFO) has published a notice of data breach detailing that some users of its websites may have been the victim of hackers who attempted to steal user login credentials during a cyber-attack in March 2020.

The notice explained that SFOConnect.com – a site used by airport employees to find up-to-date airport security news tied to badges and ground transportation – and SFOConstruction.com – a site dedicated to San Francisco International Airport construction projects – were the targets of a cyber-attack in which the attackers inserted malicious computer code on the websites to steal some users’ login credentials.

It went on to state that users possibly impacted by this attack include those accessing the websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by the airport.

SFO currently believes that the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.

Following the cyber-attack, the airport worked to remove the malicious code from the affected websites, as well as taking both sites offline. The airport also forced a reset of all SFO-related email and network passwords.

It is now being recommended that, if users visited either website outside of the airport’s managed networks using Internet Explorer on a Windows-based device, the password used to log in to that device should be changed immediately. In addition, users should consider changing any credentials that use the same username and password combination.