Air France–KLM Discloses Customer Data Breach, Warns Travelers of Elevated Phishing Threats

Air France and Dutch partner KLM have begun notifying customers that personal data was accessed during a cyber-intrusion at an unnamed third-party customer-service platform the carriers use to handle service requests.

Exposed records include names, email addresses, phone numbers, Flying Blue loyalty numbers, and the subject lines of customer messages; no passwords, payment cards, passports, or itinerary data were compromised. Both airlines say the attacker’s access was cut off and their internal networks were never reached.

The breach was detected on August 7th, 2025, when security teams spotted “unusual activity” on the external platform and worked with the vendor to contain it. Air France and KLM have reported the incident to France’s CNIL and the Dutch Data Protection Authority and are cooperating with investigators. Each affected customer receives a personalised notice outlining the types of data involved and steps to take.

While neither carrier has identified the supplier, security researchers at BleepingComputer note that the attack resembles a wave of intrusions in which the ShinyHunters extortion group uses phishing and social-engineering to loot Salesforce-hosted customer-service instances. The same playbook has recently been linked to breaches at Google, Adidas, Qantas, Dior, and other brands. Analysts say the episode underscores the aviation sector’s growing exposure to supply-chain weaknesses and SaaS misconfigurations.

Both airlines urge customers to watch for phishing emails or calls that reference their Flying Blue number or other personal details and to verify any unexpected request for information. The companies stress that booking data and loyalty-point balances remain intact and that no action is required on existing reservations.

Air France-KLM Group says its “IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access.”

Previously, we wrote about a cyberattack on Quantas impacting 6 million customers.