Air France and KLM Confirm Cyber Attack Leading to Data Breach

When the Federal Bureau of Investigation issued an urgent warning that notorious cybercriminal hackers were shifting victim focus from retail to the aviation sector, it wasn’t long before the attacks started. Qantas was first to confirm a massive data breach, and now Air France and KLM have issued a statement confirming that access to customer data has been unlawfully obtained. Here’s what we know so far about the Air France KLM data breach, cyber attack in aviation, and implications for Travel Advantage users.

What We Know About The Air France And KLM Data Breach

A reader contacted me yesterday to alert me to the fact that he had just received an email from KLM informing him that there had been a data breach and his personal details were impacted. That email notification has been published below in its entirety, aside from redacting the reader’s name for privacy reasons.

KLM data breach notification email.

Air France and KLM have both now confirmed that this was due to a cyber attack on an external platform that we use for our customer service, and that customer data was accessed. The brief statement, which I have translated from Dutch, said that Internal Air France and KLM systems have not been affected, and that the attack has stopped, along with measures being taken to prevent a repeat of the data breach, although what those measures are was not shared. No sensitive data such as passwords, travel details, Flying Blue miles, passport or credit card information has been stolen, the statement read. However, as the notification email explained, data that could be of use to cybercriminals in further attack scenarios was breached, including:

• First name
• Family name
• Contact details
• Flying Blue number and tier level
• Subject line of service request emails

KLM advised that customers remain extra alert to suspicious emails or phone calls, as a consequence.

A sentiment shared by the lead security awareness advocate at KnowBe4, Javvad Malik, who told me that customers must remain alert for sophisticated follow-on scams, while organisations need to rigorously assess and continually monitor all parties who have access to their data.

Air France and KLM's response to a recent breach is a notable example of effective breach handling: they swiftly cut off the attackers, notified authorities, and informed affected customers, Boris Cipot, senior security engineer at Black Duck, said in relation to the latest airline data breach revelation.