The frequent flyer program of flag carrier airlines KLM and Air France, Flying Blue, was hit by a cyberattack last week, Dutch newspaper Het Parool reports. Personal data and travel information of clients may have been accessed, the companies warn.
KLM informed Flying Blue members last weekend that their data had likely been stolen following “suspicious behaviour by an unauthorised entity”, a phrase typically used to refer to the theft of information by malicious actors.
“We have immediately implemented corrective action to prevent further exposure of your data,” the airline told customers. On social media, the airline claimed that the breach had been stopped in time and that “no miles were charged.” The company recommends that Flying Blue customers change their passwords.
Personal customer data, the status of their loyalty program (number of miles), and recent transaction information have potentially been stolen. On Twitter, Australian cybersecurity expert Troy Hunt cast doubt on the official explanations issued by the companies.
“Listing a bunch of exposed data and inviting people to change their passwords doesn’t sound like ‘blocked in time,’” he said. Despite this, the airlines assure that no credit card numbers or payment information had been exposed as a result of the attack.
Related News
- Half of Belgian companies fall victim to ‘successful’ cyberattacks
- Former Uber security chief found guilty of covering up 2016 cyberattack
This is not the first airline to be hit by cyberattacks in recent months.
In September 2022, Portuguese airline TAP said that cybercriminals had stolen- and published - customer names, nationalities, dates of birth, addresses, emails, and other private information.
American Airlines was also involved in a major data breach last year, which revealed the private information of many customers. An employee email account was compromised, allowing intruders to access the accounts of several staff members.