The incident involved SFOConnect.com and SFOConstruction.com, two low-traffic websites designed to keep visitors informed on a variety of SFO-related topics, such as the COVID-19 crisis, alternate AirTrain routing, airfield operations, airport construction contracts, and the like.
In March 2020, the websites were targeted by cyber-criminals who injected malicious code into them, aiming to steal the login credentials of visiting individuals.
“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO,” the airport announced in a breach notice (PDF).
