Air France and KLM disclosed data breaches following the hack of a third-party platform

Air France and KLM warn of a data breach exposing customer data via unauthorized access to a third-party platform.

Air France and KLM reported a data breach after hackers accessed a third-party platform, potentially exposing some customers’ personal information.

Both airlines confirmed that threat actors gained access to the platform of an unnamed service provider used for customer support.

Air France and KLM’s IT security teams, with the help of external experts, quickly stopped the unauthorized access. The companies also announced that they have adopted preventive measures.

The companies notified law enforcement and reported the incident to the Dutch Data Protection Authority and the French CNIL.

Exposed data includes first and last names, contact details, service request email subject lines, and Flying Blue loyalty program numbers. The companies confirmed that their internal systems were not affected, and no sensitive data, such as passwords, travel details, mileage, passports, or credit card information, was stolen.

“Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data,” reads the statement published by the companies. “Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.”

The airlines are notifying affected customers and advising them to stay alert for suspicious emails or calls.

Bleeping Computer first reported that the data breaches suffered by Air France and KLM are part of a broader campaign by the ShinyHunters extortion group, which uses vishing and social engineering to target Salesforce instances.

Other major companies, including Google, Adidas, Qantas, and Chanel, have also been affected.


Pierluigi Paganini

(SecurityAffairs – hacking, KLM)