Air France and KLM have confirmed a data breach following a cyberattack on a third-party platform they use for customer service. The incident, which has potentially exposed the personal information of some customers, was detected by the airlines’ IT security teams. Working in conjunction with external experts, the companies were able to swiftly contain the unauthorized access. The airlines have since taken proactive steps to mitigate further risk, including implementing preventive measures to secure their systems and prevent a recurrence of such an event. Both the Dutch Data Protection Authority and the French CNIL have been notified of the incident, and law enforcement has also been alerted.
The breach, which did not compromise Air France and KLM’s core internal systems, was limited to the unnamed third-party service provider’s platform. The types of data potentially exposed include customers’ first and last names, contact details, the subject lines of their service request emails, and their Flying Blue loyalty program numbers. Crucially, the airlines have reassured customers that no sensitive data, such as passwords, travel details, mileage information, passport numbers, or credit card information, was accessed or stolen. The companies’ statement emphasized that their internal systems remained secure and unaffected by the breach, and that they took immediate action to address the unauthorized activity.
The airlines are now in the process of notifying all affected customers directly. In their communications, they are advising customers to exercise caution and remain vigilant against potential phishing attempts. Specifically, they are urging customers to be on the lookout for suspicious emails or phone calls that could be related to the data breach. This recommendation is a standard and important security measure aimed at protecting customers from further exploitation by cybercriminals who may use the stolen data to craft more convincing social engineering attacks.
This specific data breach is part of a broader campaign orchestrated by the extortion group known as ShinyHunters. This group is reportedly employing sophisticated techniques, including vishing and other social engineering tactics, to gain unauthorized access to instances of Salesforce and other platforms used by major corporations. The attack on Air France and KLM appears to be one of many in this widespread campaign, highlighting a significant and ongoing threat to corporate data security across various industries.
The ShinyHunters campaign has not been limited to just Air France and KLM. Other prominent global companies have also reportedly fallen victim to similar attacks. Major brands such as Google, Adidas, Qantas, and Chanel are among the other companies that have been affected by this cybercriminal group’s activities. This wider context underscores the growing challenge for companies in securing not only their own internal infrastructure but also the platforms and services provided by their third-party vendors and partners. The reliance on external services for critical business functions, while often efficient, introduces new vectors for potential security vulnerabilities.