[lulagain]

Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.

Together with Transavia, Air France and KLM are part of Air France–KLM Group, a French-Dutch multinational airline holding company founded in 2004 and a major player in international air transport.

With a fleet of 564 aircraft and 78,000 employees, Air France-KLM provides services to up to 300 destinations in 90 countries. In 2024, the aviation group transported 98 million passengers worldwide.

The two airlines stated that they've cut off the attackers' access to the compromised systems after discovering the breach and added that their networks were not affected by the attack.

"Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data," they said. "Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected."

While the attackers gained access to customer data, such as names, email addreses, phone numbers, rewards program information, and latest transactions, Air France and KLM said that the customers' financial and personal information was not affected.

The airlines have also notified relevant authorities in their countries of the incident and are now also alerting impacted individuals that their data was stolen.

"KLM has reported the incident to the Dutch Data Protection Authority; Air France has done so in France with the CNIL," they added. "Customers whose data may have been accessed are currently being informed and advised to be extra vigilant for suspicious emails or phone calls."

Salesforce data theft attacks

BleepingComputer has learned that this incident is part of a wave of data breaches linked to the ShinyHunters extortion group, which targets Salesforce instances in vishing and social engineering attacks.

Multiple other high-profile companies, including Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, and, most recently, Google, were also recently breached in this campaign.

An Air France–KLM spokesperson stated that the company would not provide additional information due to an ongoing investigation when asked by BleepingComputer to confirm whether the data was stolen from a compromised Salesforce instance and disclose the number of individuals affected.

The Air France–KLM incident also comes on the heels of other aviation breaches linked to the Scattered Spider hacker collective, which has shifted its focus to aviation and transportation firms in recent months, breaching WestJet and Hawaiian Airlines after previously targeting the insurance and retail sectors.

Update August 07, 08:00 EDT: Added Air France–KLM statement.