- Unidentified hackers access Air France and KLM through a third-party service provider
- The attackers stole names, contact details, and more
- Passport data was not compromised
Air France and KLM Royal Dutch Airlines have confirmed recently suffering cyberattacks in which both airlines lost sensitive customer data.
The companies, both owned by the same airline holding firm, sent out data breach notification letters to affected customers, and in a statement shared with Tweakers, KLM said the incident happened when threat actors broke into a third-party service provider.
“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the company also told Cybernews.
Was it Scattered Spider?
We don’t know exactly how many people were affected by the breach, but the airlines transport more than 80 million people every year.
The information stolen in this attack include people’s full names, contact details, Flying Blue numbers and tier levels, and subject lines of service request emails.
Luckily, passport numbers, payment card details, passwords, or Flying Blue Miles (the airline’s loyalty program) balances were not stolen.
There was no word on the attackers, and no one claimed responsibility for the attack.
However, in late June 2025, the FBI warned Scattered Spider hackers were now increasing targeting airlines.
Scattered Spider works by impersonating company staff, and convincing support employees from the IT department that they lost access to their corporate accounts.
After gaining initial access, they map out the company, identify high-level individuals, and then repeat the process until they gain access to accounts through which they can steal data.
The hacking group struck Qantas in early July 2025, and Hawaiian Airlines in late June, and Russian Aeroflot, American GlobalX, and Canadian WestJet have all suffered similar incidents in recent months.
You might also like
- WestJet investigating possible cyberattack – make sure your data is safe
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers