Visible information included customers’ contact information plus the last four numbers of their payment cards.
The issue was confirmed by SAS in an update on Wednesday.
The company stressed that the information is not at risk of being misused.
Customers were also briefly able to view passport details belonging to other customers, however.
SAS did not state whether the perpetrator of the cyberattack is known to the company.
But such attacks often come in clusters, meaning similar issues could occur again in the near future, it said.
The company also said it works closely with police on security issues including the latest cyberattack.
“We are monitoring the situation closely and are continuing the work of analysing and evaluating the consequences of the attack,” the company said.
“In addition, we are working to bring in preventative measures,” it also said.
Several websites in Sweden were targeted in cyberattacks on Tuesday, including the national broadcaster SVT and the Swedish health service.
Hacker group Anonymous Sudan claimed responsibility for these attacks, citing recent burnings of the Quran by far-right activist Rasmus Paludan as its motive.
A link to the attack on SAS is neither confirmed nor unconfirmed.
Member comments