Air France and KLM Confirm Limited Data Breach on Third-Party Support Platform

In a joint statement on August 7, Air France and KLM said attackers exploited an external customer service platform, triggering immediate containment measures. Personal data exposed included first and last names, contact information, Flying Blue membership numbers with tier levels and the subject lines of support emails. Sensitive data such as passwords, passport numbers, credit card details, booking information and mileage balances were not accessed. Air France and KLM worked with the vendor to secure the platform, implement enhanced protections and monitor for any follow-on threats. The airlines reported the breach to Dutch and French data protection authorities and are urging affected customers to remain vigilant for phishing or social engineering attempts.

Particle.news