Skip to content
Supply chainContained

Leak at Air France

In August 2025, Air France-KLM disclosed that attackers accessed customer data — names, contact details, Flying Blue loyalty numbers and status, and customer-service request subjects — via a compromised third-party customer-service platform.

Victim
Air France

On 6 August 2025, Air France — the French flag carrier, part of the Air France-KLM group — disclosed that customer data had been accessed by attackers who broke into an external customer-service platform operated by a third-party provider. The airline's own internal systems were not affected; the intrusion was confined to the hosted service used to handle customer requests.

The incident was part of a broad extortion campaign attributed to the ShinyHunters group, which used social-engineering and voice-phishing ("vishing") to compromise third-party Salesforce instances at several large companies. The same wave hit other major brands during the summer of 2025.

Data exposed in the breach included:

  • First and last names
  • Contact details (email address and, in some cases, phone number)
  • Flying Blue loyalty program number and membership status
  • The subject lines of customer-service requests and related agent notes

More sensitive data — passwords, passport details, payment-card information, flight itineraries, and Flying Blue mileage balances — was not affected. On discovering the unauthorized access, the provider and Air France cut off the attackers and Air France notified France's data-protection regulator, the CNIL (KLM filed with the Dutch authority). Customers were warned to be vigilant against follow-on phishing emails and calls that could exploit the leaked loyalty and contact details.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/air-france-and-klm-disclose-data-breaches-impacting-customers/
  2. securityaffairs.comhttps://securityaffairs.com/180932/data-breach/air-france-and-klm-disclosed-data-breaches-following-the-hack-of-a-third-party-platform.html
  3. securityweek.comhttps://www.securityweek.com/air-france-klm-say-hackers-accessed-customer-data/
  4. air-journal.frhttps://www.air-journal.fr/2025-08-09-air-france-klm-des-donnees-client-exposees-apres-une-cyberattaque-chez-un-prestataire-tiers-5264624.html

Related incidents

Supply chainContained

Data leak at Suzuki

Suzuki France disclosed that a cyberattack on one of its third-party partner systems exposed a customer file containing names, email addresses, postal addresses and phone numbers; no financial data or passwords were affected.

Victim
Suzuki
Supply chainResolved

Leak at Hertz

On 15 April 2025, car-rental company Hertz disclosed a data breach stemming from the late-2024 zero-day exploitation of Cleo's file-transfer software by the CL0P group, exposing customer names, contact details, dates of birth, driver's licences, credit-card and passport data.

Victim
Hertz
Supply chainContained

Data leak at Voyage Privé - upcoming bookings exposed

Voyage Privé, the French flash-sale travel platform, confirmed in February 2026 that a compromised third-party partner exposed reservation data for customers with upcoming trips — including names, country of residence, emails, phone numbers and, in some cases, passport numbers — fuelling a wave of WhatsApp phishing.

Victim
Voyage Privé