Skip to main content


Click Here for Notice

April 7, 2020

TO: All Airport Commission Employees

FROM: Airport ITT

SUBJECT: Notice of Data Breach

What happened? and were the targets of a cyberattack in March 2020. The attackers inserted malicious computer code on these websites to steal some users’ login credentials. Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.

What information was involved? At this time, it appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.

What we are doing? The malicious code was removed from the affected websites. and were taken offline. The airport also forced a reset of all SFO related email and network passwords on Monday, March 23, 2020.

What you can do? If you visited either website outside of SFO’s managed networks and using Internet Explorer on a Windows-based device, you should change the password you use to log in to that device. You should also consider changing any credentials that use the same username and password combination. For more information, please contact SFO by email: