Air France KLM: Third-Party Breach Exposes Frequent-Flyer Details

Date: 8 Aug 2025

What happened:

Attackers accessed a third-party platform used by Air France and KLM contact centres. Core airline networks weren’t compromised, but the vendor's security breach allowed criminals to view customer data. IT ProTechRadar

Data exposed:

Names, contact details, Flying Blue numbers and tier levels, and subject lines of service emails. No passwords, payment cards, passport numbers, or miles were taken, but this is still prime phishing fuel. IT ProTechRadar

Why it matters:

Classic supply-chain hit: your security is only as strong as your weakest vendor. Airlines have been hit repeatedly this summer, and attackers are iterating. Forbes

What to do:

If you’re a customer: change your airline account password, enable MFA, and treat any “account help” emails/texts as suspect.