Air France and KLM Disclose Data Breach Following Third-Party Platform Hack
In a recent development, Air France and KLM have disclosed a data breach following the unauthorized access to a third-party platform used for customer support. The airlines confirmed that threat actors gained access to the platform of an unnamed service provider, potentially exposing some customers' personal information.
The incident has raised concerns among airline passengers, who may be worried about the potential exposure of their sensitive data. However, Air France and KLM have reassured customers that their internal systems were not affected, and no sensitive data, such as passwords, travel details, mileage, passports, or credit card information, was stolen.
The exposed data includes first and last name, contact details, service request email subject lines, and Flying Blue loyalty program numbers. The airlines have notified law enforcement and reported the incident to the Dutch Data Protection Authority and the French CNIL.
Airlines' Response and Measures
"Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data," reads a statement published by the companies. "Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected."
The airlines are now notifying affected customers and advising them to stay alert for suspicious emails or calls. This move demonstrates their commitment to transparency and customer protection.
Broader Campaign by ShinyHunters Extortion Group
Bleeping Computer first reported that the data breaches suffered by Air France and KLM are part of a broader campaign by the ShinyHunters extortion group, which uses vishing and social engineering to target Salesforce instances. Other major companies, including Google, Adidas, Qantas, and Chanel, have also been affected.
This incident highlights the importance of vigilance in protecting sensitive data. As the threat landscape continues to evolve, it is crucial for organizations to stay proactive and implement robust security measures to prevent similar breaches.
Conclusion
Air France and KLM's disclosure of the data breach serves as a reminder of the need for businesses to prioritize cybersecurity. The airlines' swift response and adoption of preventive measures demonstrate their commitment to protecting customer data. As the threat landscape continues to evolve, it is essential for organizations to remain vigilant and proactive in protecting sensitive information.