Air France, KLM warn customers of data breach linked to third-party platform

Air France and KLM are alerting some customers to a potential data breach after hackers accessed a third-party customer service platform used by both airlines.

In notifications sent to affected individuals, the airline group confirmed that attackers may have obtained limited personal information, including full names, contact details, Flying Blue loyalty program numbers, and subject lines of service request emails, Caliber.Az reports via foreign media. 

The companies emphasised that no sensitive information—such as passwords, passport numbers, credit card data, travel itineraries, or loyalty points—was compromised in the breach.

Despite the limited scope of the data exposed, Air France and KLM are urging customers to remain vigilant against potential phishing attempts via email or phone. The incident has been reported to data protection authorities in both France and the Netherlands, where the airlines are headquartered.

Although the affected platform has not been publicly identified, the breach appears to be part of a broader wave of cyberattacks targeting third-party customer relationship management (CRM) systems. According to cybersecurity outlet Bleeping Computer, multiple recent data breaches across major companies have been linked to a campaign against Salesforce instances.

The hacker group ShinyHunters has claimed responsibility for the campaign, with some evidence suggesting a possible merger with the notorious Scattered Spider cybercrime group. Security experts have recently warned that Scattered Spider has shifted focus to the airline industry.

The attacks reportedly do not involve exploiting vulnerabilities in Salesforce itself. Instead, the cybercriminals are using phishing and social engineering tactics to compromise specific targeted systems.

By Sabina Mammadli