Air France and KLM Royal Dutch Airlines have issued data breach notifications to customers following a third-party security incident that exposed personal information.
The breach reportedly stemmed from unauthorized access to a third-party platform used by KLM's customer service. According to a statement shared, both airlines part of the Air France-KLM group are investigating the incident after detecting unusual activity. The companies swiftly implemented corrective measures alongside the affected service provider to contain the breach.
Although sensitive data such as passport numbers, payment card details, passwords, and loyalty program balances (Flying Blue Miles) were not compromised, attackers did access identifiable personal details. These include:
- Names and surnames
- Contact information
- Flying Blue membership numbers and tier levels
- Subject lines of customer service emails
The breach appears to involve a customer service partner or similar third-party vendor. While the total number of affected customers remains unknown, the compromised data could be exploited for identity theft or social engineering scams. These might include impersonation tactics involving fake travel issues or account inquiries.
KLM has reported the breach to the Dutch Data Protection Authority and urged affected users to stay alert for phishing messages or suspicious activity.
With over 36,000 employees, KLM operates nearly 200 aircraft and reported over $14.5 billion in revenue last year. Air France, employing 38,000 staff, generated nearly $19 billion. Both are key players in the European aviation sector.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
