Security Affairs
Air France and KLM disclosed data breaches following the hack of a third-party platform

Air France and KLM warn of a data breach exposing customer data via unauthorized access to a third-party platform.

Air France and KLM reported a data breach after hackers accessed a third-party platform, potentially exposing some customers’ personal information.

Both airlines confirmed that threat actors gained access to the platform of an unnamed service provider used for customer support.

Air France and KLM’s IT security teams, with the help of external experts, quickly stopped the unauthorized access. The companies also announced the adoption of preventive measures.

The companies notified law enforcement and reported the incident to the Dutch Data Protection Authority and the French CNIL.

Exposed data includes first and last names, contact details, service request email subject lines, and Flying Blue loyalty program numbers. The companies confirmed that their internal systems were not affected, and no sensitive data, such as passwords, travel details, mileage, passports, or credit card information, was stolen.

“Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data,” reads the statement published by the companies. “Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.”

The airlines are notifying affected customers and have advised them to stay alert for suspicious emails or calls.

Bleeping Computer first reported that the data breaches suffered by Air France and KLM are part of a broader campaign by the ShinyHunters extortion group, which uses vishing and social engineering to target Salesforce instances.

Other major companies, including Google, Adidas, Qantas, and Chanel, have also been affected.

Pierluigi Paganini

(SecurityAffairs – hacking, KLM)