Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
Together with Transavia, Air France and KLM are part of Air France–KLM Group, a French-Dutch multinational airline holding company founded in 2004 and a major player in international air transport.
With a fleet of 564 aircraft and 78,000 employees, Air France–KLM provides services to up to 300 destinations in 90 countries. In 2024, the aviation group transported 98 million passengers worldwide.
The two airlines stated that they’ve cut off the attackers’ access to the compromised systems after discovering the breach and added that their networks were not affected by the attack.
“Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data,” they said. “Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.”
While the attackers gained access to customer data, Air France and KLM said that the customers’ financial and personal information was not affected. The airlines have notified the relevant authorities in their countries of the incident and are now alerting impacted individuals that their data was stolen.
“KLM has reported the incident to the Dutch Data Protection Authority; Air France has done so in France with the CNIL,” they added. “Customers whose data may have been accessed are currently being informed and advised to be extra vigilant for suspicious emails or phone calls.”
This comes on the heels of other aviation breaches linked to the Scattered Spider hacker collective, which has shifted its focus to aviation and transportation firms, breaching WestJet and Hawaiian Airlines after previously targeting the insurance and retail sectors.
Multiple high-profile companies, including Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most recently, Google, were also breached in a series of attacks on Salesforce instances that has been linked to a threat actor known as ShinyHunters.
An Air France–KLM spokesperson was not immediately available for comment when BleepingComputer asked how many individuals were affected and whether the customers’ data was stolen from a compromised Salesforce instance.