Air France and KLM Customers May Have Had Personal Details Exposed Following Data Breach

Two of the largest airlines in Europe, Air France and KLM Royal Dutch Airlines, have recently suffered a devastating cyberattack that exposed sensitive customer data to threat actors.

The airlines, both owned by the same airline holding firm, confirmed the breach in a statement shared with Tweakers. According to KLM, the incident occurred when threat actors broke into a third-party service provider used by their contact centers.

“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” KLM stated. The company emphasized that they took swift action to mitigate the breach and prevent further unauthorized access.

The exact number of customers affected by the breach is still unknown, but it's estimated that over 80 million people are transported by Air France and KLM every year. Unfortunately, customer data such as full names, contact details, Flying Blue numbers, and subject lines of service request emails were compromised in this attack.

However, there was no exposure of passport numbers, payment card details, passwords, or balances for the airline's loyalty program, Flying Blue Miles. Despite the breach, KLM has assured customers that they will not suffer any financial losses due to the incident.

The Rise of Scattered Spider Hackers

In a concerning development, the FBI recently warned about an increasing number of cyberattacks by a group known as Scattered Spider hackers. These hackers are notorious for impersonating company staff and convincing IT support employees that their corporate accounts have been compromised.

Scattered Spider works by mapping out companies, identifying high-level individuals, and repeating the process until they gain access to sensitive data through compromised accounts. The hacking group has already targeted several airlines, including Qantas, Hawaiian Airlines, Aeroflot, American GlobalX, and Canadian WestJet in recent months.

Prevention is Key

To protect themselves from such cyberattacks, customers are advised to remain vigilant and take proactive steps to secure their personal data. Regularly updating software, using strong passwords, and enabling two-factor authentication can help prevent unauthorized access to sensitive information.

Customers of Air France and KLM should also be aware of the potential risks associated with third-party service providers used by their contact centers. Regularly monitoring email accounts and being cautious when interacting with unsolicited emails can also help prevent data breaches.

Stay Safe Online

If you are a customer of Air France or KLM, it's essential to take immediate action to protect your personal details. Check your bank statements and credit reports for any suspicious activity, and contact the airlines' customer support teams if you have any concerns.

By staying informed and taking proactive steps to secure your online presence, you can help prevent data breaches and protect your sensitive information from falling into the wrong hands.