Air France and KLM hit by third-party data breach

Breach resulted from a security compromise from external service provider

Air France and KLM hit by third-party data breach

Breach resulted from a security compromise from external service provider

Air France and KLM Royal Dutch Airlines have confirmed a data breach following unauthorised access to a third-party platform used by their customer service teams.

The incident, which reportedly affected customer data belonging to KLM, originated from a security compromise involving an external service provider. Both airlines, which operate under the Air France-KLM holding group, are now investigating the breach and its potential impact.

According to a company statement, the intrusion was detected after “unusual activity” was observed on the third-party system.

“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the airline said.

While payment details, passport numbers, account passwords, and Flying Blue loyalty points were not exposed, the attackers did obtain personally identifiable data, including full names, contact details, flying blue membership numbers and tier status and subject lines from customer service emails.

Customer service operations

The nature of the information suggests the breach stemmed from a supplier supporting KLM’s customer service operations. Although the number of individuals affected has not been confirmed, the data could be used in social engineering attacks or identity fraud.

The breach has been reported to the Dutch Data Protection Authority, and notifications are being sent to impacted customers.

It follows an attack on Australian airline Qantas in July, which was later attributed to the ShinyHunters (UNC6040) threat group. This group is also implicated in recent data breaches at Chanel, Cisco and Google.

KLM, a key player in European aviation, operates nearly 200 aircraft and employs over 36,000 people. Its partner, Air France, has a workforce of 38,000 and posted nearly $19 billion in revenue last year.