Klm, Air France Latest Major Organizations Looted For Customer Data
European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers’ data stolen by way of a break-in at a third party org.
The airlines, which share a parent company, Air France-KLM Group, said in a joint statement that they “detected unusual activity on an external platform we use for customer service,” which led to attackers accessing customer data.
“Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access,” the statement read. “Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.
“No sensitive data such as passwords, travel details, Flying Blue miles, passport, or credit card information was stolen.”
The airlines did not publicly specify the types of data that were stolen, but the exclusion of sensitive data suggests basic personal information was involved.
However, customer notifications circulating online noted that first and family names, along with contact details, Flying Blue numbers and tier levels, and the subject lines of service request emails were accessed.
KLM and Air France advised customers to be on heightened alert for phishing attempts. Both said they had referred themselves to the Dutch and French data protection authorities, respectively.
The customer notice from Barry ter Voert, chief experience officer at KLM, read: “We recommend staying alert when receiving messages or other communication using your personal information, and to be cautious of any suspicious activity. The data involved in this breach could be used to make phishing messages appear more credible. If you receive unexpected messages or phone calls, especially asking for personal information or urging you to take action, please check their authenticity.
“We understand the concern this may cause, and we deeply regret any inconvenience this may have caused you.”
The Register approached the companies for additional information but they did not comment beyond the public statement.
The attack marks the latest in a string of data lapses at major organizations that also blamed a third party.
In recent weeks, luxury retailers Dior, Chanel, and Pandora all reported similar leaks at third party providers, as did Google, Qantas, and Allianz.
All of the above declined to identify the third party in question except for Google, which said this week that one of its Salesforce instances was raided.
None of the victims have attributed their attacks to any group – yet – but the prime suspect behind all of these intrusions is the ShinyHunters cybercrime crew, which is perhaps best known for its role in last year’s attacks on Snowflake customers.
Scattered Spider also changed its focus toward airlines earlier this year, and some researchers said it could be behind the attack on Hawaiian Airlines in June.
Check Point said last month that the attacks on Qantas and WestJet, which all occurred within three weeks of one another, bore hints of Scattered Spider’s involvement, mainly due to the tradecraft that led to the intrusions. ®
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
