A data breach has led to the customer data theft potentially affecting thousands of UK customers who use Air France, KLM and Transavia. The issue has been disclosed by the Air France-KLM group. According to the group, the breach was of its customer service system, and the attack was cut off once discovered.
About the data breach
The airlines detected unusual activity on an external platform it uses for customer service.
“Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data.”
The group is keen to point out that its operational systems were not affected by the attack.
“Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.”
Around 98 million passengers travelled with Air France-KLM in 2024, operating to 300 destinations around the world.
Even if the emails contain accurate information on current and upcoming flights, customers who have accounts with the airline should now be on the lookout for fake emails pretending to be from any of the airlines.
KLM advised that customers remain “extra alert to suspicious emails or phone calls” as a consequence.
A sentiment shared by the lead security awareness advocate at KnowBe4, Javvad Malik, who told me that
“customers must remain alert for sophisticated follow-on scams, while organisations need to rigorously assess and continually monitor all parties who have access to their data.”
Boris Cipot, senior security engineer at Black Duck, added that
“Air France and KLM’s response to a recent breach is a notable example of effective breach handling: they swiftly cut off the attackers, notified authorities, and informed affected customers,”
Were you affected by this issue? Join the conversation in the comments below.
