Air France and KLM introduced on Wednesday that attackers had breached a customer support platform and stolen the info of an undisclosed variety of prospects.
Along with Transavia, Air France and KLM are a part of Air France–KLM Group, a French-Dutch multinational airline holding firm based in 2004 and a significant participant in worldwide air transport.
With a fleet of 564 plane and 78,000 staff, Air France-KLM gives companies to as much as 300 locations in 90 international locations. In 2024, the aviation group transported 98 million passengers worldwide.
The 2 airways acknowledged that they’ve minimize off the attackers’ entry to the compromised methods after discovering the breach and added that their networks weren’t affected by the assault.
“Air France and KLM have detected uncommon exercise on an exterior platform we use for customer support. This exercise resulted in unauthorized entry to buyer knowledge,” they mentioned. “Our IT security groups, together with the related exterior occasion, took speedy motion to cease the unauthorized entry. Measures have additionally been carried out to forestall recurrence. Inside Air France and KLM methods weren’t affected.”
Whereas the attackers gained entry to buyer knowledge, Air France and KLM mentioned that the shoppers’ monetary and private data was not affected. The airways have additionally notified related authorities of their international locations of the incident and at the moment are additionally alerting impacted people that their knowledge was stolen.
“KLM has reported the incident to the Dutch Data Safety Authority; Air France has performed so in France with the CNIL,” they added. “Prospects whose knowledge might have been accessed are at the moment being knowledgeable and suggested to be further vigilant for suspicious emails or telephone calls.”
This comes on the heels of different aviation breaches linked to the Scattered Spider hacker collective, which has shifted its focus to aviation and transportation companies, breaching WestJet and Hawaiian Airways after beforehand concentrating on the insurance coverage and retail sectors.
A number of high-profile firms, together with Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most not too long ago, Google, have been additionally not too long ago breached in a collection of assaults concentrating on Salesforce situations linked to a menace actor often called ShinyHunters.
An Air France–KLM spokesperson was not instantly obtainable for remark when contacted by BleepingComputer to reveal the variety of people affected and to verify whether or not the shoppers’ knowledge was stolen from a compromised Salesforce occasion.
Malware concentrating on password shops surged 3X as attackers executed stealthy Excellent Heist eventualities, infiltrating and exploiting crucial methods.
Uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and defend towards them.
