Customers of Air France and KLM airlines may have had their personal information exposed following a data hack. The breach happened after hackers managed to break into the Flying Blue loyalty program.
This page explains how the data breach happened, the facts of the case, and the consequences for the affected customers.
Flying Blue is the loyalty program of Air France, KLM, Transavia, Aircalin, Kenya Airways and TAROM. It has 17 million members.
According to a statement by Air France and KLM (released 9 January 2023), the list of potentially compromised data included customer:
Customer credit card or payment information was not thought to be compromised.
Victims of data breaches often become the target of cybercriminals, and similar privacy violations have resulted in fraud, blackmail, and identity theft. As such, we warned victims of the Air France/KLM data breach that they were at high risk of being targeted by cybercriminals and advised them to take immediate steps to protect themselves.
The two airlines have reported the incident to the relevant data protection authorities (Autoriteit Persoonsgegevens and Commission Nationale de l’Informatique et des Libertés). However, the airlines have come under attack for the way the breach was reported. Several customers took to social media to express their anger that, while the statement implied that the airline group had successfully fended off the attack, this was not the case and personal information was breached.
The breach happened after hackers managed to break into the Flying Blue loyalty program. According to the airlines:
“Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account. We have immediately implemented corrective action to prevent further exposure of your data,” notifications sent to affected customers said.
“Our Information Security department is taking actions to prevent any suspicious activity with regard to your account.”
The list of potentially compromised data included customer:
The airlines contacted the affected individuals.