Airline group Air France-KLM has disclosed that a data breach has led to the theft of customer data potentially affecting thousands of UK customers who use Air France, KLM and Transavia.
According to a report in Bleeping Computer, the group says that the breach was of its customer service system and the attack was cut off once discovered.
“Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data,”
Air France-KLM flew around 98 million passengers in 2024 operating to 300 destinations around the world.
The group is keen to point out that its operational systems were not affected by the attack.
“Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.”
Customers who have accounts with Air France-KLM should now be vigilant against spoof emails promoting to come from any of the Air France-KLM airlines even if they contain genuine information about future and current flights.
According to Bleeping Computer, the attach was carried by a hacker group known as Shiny Hunters Extortion Group which focuses on companies that use the Salesforce platform.
Javvad Malik, Lead Security Awareness Advocate at KnowBe4: “This incident demonstrates that even when core systems remain untouched, third party and smaller isolated systems can expose sensitive customer data.
Customers must remain alert for sophisticated follow-on scams, while organisations need to rigorously assess and continually monitor all parties who have access to their data. While processes and systems can be outsourced, security remains their responsibility. And when a breach occurs, their brand is the one which suffers the impact, and it is trust in them that is eroded.”
Discover more from UK Aviation News
Subscribe to get the latest posts sent to your email.
