Air France and KLM customers may have had personal details exposed following data breach

News
By published

Airline giants notify customers of a cyber incident

Airplane
(Image credit: Pixabay)
  • Unidentified hackers access Air France and KLM through a third-party service provider
  • The attackers stole names, contact details, and more
  • Passport data was not compromised

Air France and KLM Royal Dutch Airlines have confirmed recently suffering cyberattacks in which both airlines lost sensitive customer data.

The companies, both owned by the same airline holding firm, sent out data breach notification letters to affected customers, and in a statement shared with Tweakers, KLM said the incident happened when threat actors broke into a third-party service provider.

“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the company also told Cybernews.

Was it Scattered Spider?

We don’t know exactly how many people were affected by the breach, but the airlines transport more than 80 million people every year.

The information stolen in this attack include people’s full names, contact details, Flying Blue numbers and tier levels, and subject lines of service request emails.

Luckily, passport numbers, payment card details, passwords, or Flying Blue Miles (the airline’s loyalty program) balances were not stolen.

There was no word on the attackers, and no one claimed responsibility for the attack.

However, in late June 2025, the FBI warned Scattered Spider hackers were now increasing targeting airlines.

Scattered Spider works by impersonating company staff, and convincing support employees from the IT department that they lost access to their corporate accounts.

After gaining initial access, they map out the company, identify high-level individuals, and then repeat the process until they gain access to accounts through which they can steal data.

The hacking group struck Qantas in early July 2025, and Hawaiian Airlines in late June, and Russian Aeroflot, American GlobalX, and Canadian WestJet have all suffered similar incidents in recent months.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.