Air France and KLM Confirm Third-Party Data Breach Impacting Customer Information

Air France and KLM have confirmed a data breach via a third-party vendor, exposing personal information of loyalty members and airline customers to potential cyber threats.
Air France and KLM Confirm Third-Party Data Breach Impacting Customer Information
Table of Contents
    Add a header to begin generating the table of contents

    Air France and KLM Royal Dutch Airlines have begun notifying customers of a data breach involving a third-party service provider, exposing personal information of loyalty program members and other passengers. The companies confirmed the breach in an official statement, saying their cybersecurity teams are investigating the incident alongside the affected vendor.

    Customer information accessed via compromised third-party system

    The breach originated from a platform used by the airlines’ customer service teams. Though the airlines themselves were not directly compromised, attackers were able to access customer data held by the third-party provider. Both Air France and KLM are subsidiaries of the Air France-KLM Group, one of Europe’s largest airline holdings.

    “Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the company said in a statement.

    The compromised data includes personally identifiable information (PII), such as:

    • Full names and surnames
    • Contact details
    • Flying Blue loyalty program numbers and membership tiers
    • Subject lines of customer service emails

    Critically, the airlines confirmed that no passport numbers, payment details, account passwords, or Flying Blue miles balances were exposed during the breach.

    Air France-KLM warns of increased cyber risk to affected customers

    While the exact number of affected individuals has not been disclosed, the type of data accessed could make impacted customers vulnerable to phishing and impersonation attacks. Threat actors may use the stolen information to craft convincing scams, such as flight cancellation alerts or account verification requests, posing as airline representatives.

    The breach notification also noted that the Dutch Data Protection Authority has been informed of the incident. Impacted customers are being advised to exercise caution when receiving unsolicited messages, particularly those requesting personal details or payment information.

    KLM and Air France respond to breach amid strong market presence

    KLM, operating a fleet of nearly 200 aircraft and employing over 36,000 staff, is a major player in the European aviation market with annual revenue above $14.5 billion. Air France, its sister carrier, employs 38,000 people and generated nearly $19 billion in revenue last year. The breach poses reputational and regulatory risks for both carriers, especially given their scale and reach.

    Related Posts