CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

KLM and Air France Confirm Customer Data Exposure via Third-Party Platform

By Leave a Comment
LinkedInReddit

Air France and KLM have disclosed a data security incident involving unauthorized access to customer information on an external platform used for customer service operations.

While some personal data was accessed, the companies confirmed that no sensitive details, such as passwords, passport numbers, travel itineraries, or payment information, were compromised.

The breach was identified on August 6, 2025, prompting immediate containment actions by internal IT security teams working alongside the affected third-party provider. Both airlines stated that their internal systems remain unaffected, and measures have already been implemented to prevent similar incidents in the future.

The Air France–KLM Group has notified the Dutch Data Protection Authority and France’s CNIL, as required by national data protection laws. Impacted customers are being contacted directly and are advised to remain vigilant against suspicious emails, phone calls, or phishing attempts.

Air France–KLM is one of Europe’s largest airline groups, serving more than 100 million passengers annually through a global network. The affected system is used to manage customer service interactions, and although the vendor has not been officially named, the timing raises questions about a possible link to the ongoing Salesforce-related campaign. That campaign involves threat actors using vishing and malicious OAuth applications to extract CRM data from compromised Salesforce environments. However, there is currently no confirmation that Salesforce is the platform involved in the Air France–KLM breach.

The incident also echoes last month’s breach at Qantas, which exposed the personal data of 5.7 million customers via a third-party call center system. As with that case, the growing trend of attackers targeting outsourced platforms highlights the critical need for strong security controls across third-party integrations.

Customers are urged to be cautious of unsolicited messages and verify all communications via official Air France or KLM channels. Enabling multi-factor authentication, avoiding suspicious links, and not disclosing credentials remain key defense strategies in the aftermath of such incidents.

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

LinkedInReddit

More from CyberInsider

About Amar Ćemanović

Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology. 
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial work. Amar brings a well-rounded knowledge base, covering everything from tech solutions to privacy tools.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Share to...
BlueskyBufferCopyFlipboardHacker NewsLineLinkedInMastodonMessengerMixNextdoorPinterestPocketPrintRedditSMSTelegramThreadsTumblrVKWhatsAppXingYummly