KLM and Air France Data Breach Possibly Exposed Customer Information

• KLM and Air France: A new breach at Air France-KLM Group raised alarms about the increasing cybersecurity risks in the aviation sector.
• Breach source: The prominent airline group stated a third-party customer service platform was compromised.
• What was exposed: First and last names, phone numbers, email addresses, and Flying Blue details may have been accessed.

A recently disclosed Air France-KLM Group breach reportedly stemmed from a compromise at a third-party customer service provider both airlines used, which led to unauthorized access to sensitive information of travelers who had contacted the airline's support teams. 

Compromised Data and Impact  

The exposed data may include first and last names, phone numbers, email addresses, frequent flyer program details such as Flying Blue numbers and statuses, and the subjects of support tickets. 

Importantly, other sensitive information, such as passwords, travel details, Flying Blue miles, and passport or credit card details, remains secure. 

The major European airlines KLM and Air France merged in 2004 to form the Air France-KLM Group, and both used the same unnamed customer service provider. Neither KLM nor Air France’s internal systems were affected, indicating the breach may be confined to their third-party vendor.  

The Group’s notice reportedly stated that the incident was reported to regulators by both divisions of Air France-KLM, and the airlines moved swiftly to mitigate the risks. 

With frequent flyer numbers potentially being exploited in phishing schemes, customers are advised to remain vigilant and monitor their accounts for unusual activity.  

Aviation Cybersecurity Under Strain  

This data breach adds KLM and Air France to a growing roster of aviation entities targeted this year by cyberattacks. Major airlines, including Qantas, Cathay Pacific, Hawaiian Airlines, WestJet, Cyprus Airways, South African Airways, GlobalX Air, and NetJets, have confirmed breaches earlier in 2025, according to HackManac. 

Additionally, reports linked ransomware gangs Lynx, Stormous, and Qilin to attacks on Corporate Flight Inc., Wizz Air, and Elit'Avia, with the latter group also claiming a confirmed breach at airport management company Malaysia Airports Holdings Berhad.

The aviation industry remains highly attractive to threat actors due to its reliance on extensive customer data and operational technologies. The FBI issued a warning about cybersecurity threats in the aviation sector, highlighting the tactics employed by entities such as the Scattered Spider group. 

Several recent data breaches involved impersonating IT help desks to steal credentials, as it happened in the Clorox case and with Allianz Life Insurance Company of North America. In July, a BEC scam targeting aviation executives leveraged fake Microsoft 365 login pages.