Leak at Air France
In August 2025, Air France-KLM disclosed that attackers accessed customer data — names, contact details, Flying Blue loyalty numbers and status, and customer-service request subjects — via a compromised third-party customer-service platform.
- Victim
- Air France
On 6 August 2025, Air France — the French flag carrier, part of the Air France-KLM group — disclosed that customer data had been accessed by attackers who broke into an external customer-service platform operated by a third-party provider. The airline's own internal systems were not affected; the intrusion was confined to the hosted service used to handle customer requests.
The incident was part of a broad extortion campaign attributed to the ShinyHunters group, which used social-engineering and voice-phishing ("vishing") to compromise third-party Salesforce instances at several large companies. The same wave hit other major brands during the summer of 2025.
Data exposed in the breach included:
- First and last names
- Contact details (email address and, in some cases, phone number)
- Flying Blue loyalty program number and membership status
- The subject lines of customer-service requests and related agent notes
More sensitive data — passwords, passport details, payment-card information, flight itineraries, and Flying Blue mileage balances — was not affected. On discovering the unauthorized access, the provider and Air France cut off the attackers and Air France notified France's data-protection regulator, the CNIL (KLM filed with the Dutch authority). Customers were warned to be vigilant against follow-on phishing emails and calls that could exploit the leaked loyalty and contact details.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/air-france-and-klm-disclose-data-breaches-impacting-customers/
- securityaffairs.comhttps://securityaffairs.com/180932/data-breach/air-france-and-klm-disclosed-data-breaches-following-the-hack-of-a-third-party-platform.html
- securityweek.comhttps://www.securityweek.com/air-france-klm-say-hackers-accessed-customer-data/
- air-journal.frhttps://www.air-journal.fr/2025-08-09-air-france-klm-des-donnees-client-exposees-apres-une-cyberattaque-chez-un-prestataire-tiers-5264624.html