Air France and KLM warn customers of new data breach

Air France and KLM are warning customers about a new data breach that hit their customer service platform. Hackers accessed personal details including names, emails, phone numbers, loyalty program information and recent transactions. While no financial details were stolen, experts warn that this information is still a gold mine for cybercriminals.

The airlines say they acted quickly to cut off the attackers’ access. They also stressed that their internal networks remain secure.

“Air France and KLM detected unusual activity on an external platform we use for customer service,” the companies said in a joint statement. “This activity led to unauthorized access to customer data. Our IT security teams, along with the relevant external party, took immediate action to stop it. We have also put measures in place to prevent it from happening again. Internal Air France and KLM systems were not affected.”

Authorities in France and the Netherlands have been notified. Meanwhile, impacted customers are being told to stay alert.

“Customers whose data may have been accessed are currently being informed,” the airlines added. “We are advising them to be extra vigilant for suspicious emails or phone calls.”

NOTORIOUS HACKER GROUP SETS SIGHTS ON AIRLINE INDUSTRY IN ALARMING SECURITY THREAT

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER

A larger cybercrime trend

This attack is part of a broader wave of data theft linked to the ShinyHunters group. In recent months, they have targeted Salesforce customer service systems used by major global brands. High-profile victims include Adidas, Qantas, Louis Vuitton and even Google.

Ricardo Amper, CEO of Incode Technologies, a global leader in identity verification and AI-powered fraud prevention, calls this a dangerous shift.

“This signals hackers like ShinyHunters evolving from brute-force hacks to AI-amplified social engineering, targeting third-party platforms where humans are the weak link. They’re not just stealing data; they’re using generative AI to craft convincing impersonations. It’s an AI arms race.”

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

How hackers pulled this off

Attackers now use advanced AI tools that make impersonation both fast and inexpensive. These tools allow them to convincingly mimic real people.

“Attackers today are digital con artists with an unprecedented toolkit,” Amper explains. “With AI, they can convincingly impersonate real people using cloned voices, speech patterns and even realistic video deepfakes. With just 10-20 seconds of someone’s voice, they can create an audio clone that sounds exactly like them. Armed with this, attackers call customer service reps, posing as an executive, a partner or a high-value customer, and request sensitive account changes or data access.”

These AI-driven impersonations bypass the “red flags” that once alerted employees.

“The best AI deepfakes are nearly impossible for humans to detect in real time,” says Amper. “Pauses, awkward phrasing, bad audio, those giveaways are disappearing.”

Why customer service platforms are prime targets

Customer service portals hold a wealth of personal information and often have the power to reset accounts or override security settings. This combination makes them especially attractive to hackers.

“Customer service platforms are considered a treasure trove because they store detailed personal data, transaction histories, and sometimes have capabilities to reset passwords or override security settings,” Amper notes. “Unlike core financial systems, many lack robust security controls, making them accessible to attackers armed with partial user information.”

What this means for you

Air France-KLM’s breach shows just how quickly cybercriminals are adapting. With AI-powered impersonation, even experienced customer service representatives can be tricked. Your best defense is to stay vigilant, use stronger authentication and actively monitor your accounts for any unusual activity.

What hackers do with the stolen data

Once hackers gain access to this data, they can quickly convert it into profit.

“This starts when attackers use stolen data such as loyalty program numbers, recent transactions or service request information to impersonate customers in future interactions,” Amper says. “Loyalty points and frequent flyer miles act as digital currency that can be monetized or redeemed for rewards. These pieces of information are treated as puzzle pieces to build complete identity profiles.”

These profiles often appear for sale on the dark web. Criminals can also reuse them to break into other accounts or launch highly targeted scams.

How to protect yourself after a breach

Amper warns that scammers often move quickly after a breach, sending fake alerts that seem legitimate.

“Post-breach, watch for phishing lures tailored to you, like emails citing your recent Air France flight, urging a ‘security update’ with a dodgy link. Scammers thrive on urgency.”

If you were notified, or even suspect that your data was part of this breach, take these steps immediately:

1) Enable phishing-resistant MFA

Use app-based authentication, security keys or biometrics wherever possible. Unlike basic text message codes, these methods are far harder for cybercriminals to intercept, even if they already have some of your personal information from the breach.

2) Watch for tailored phishing attempts and use strong antivirus software

Scammers may reference real flights, loyalty program balances or recent transactions to trick you into clicking malicious links. Pair your caution with strong antivirus tools which can block dangerous websites, phishing attempts and malware before they get a chance to run. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

3) Monitor loyalty and financial accounts closely

Frequent flyer miles and loyalty points are like digital currency. They can be stolen, sold or redeemed for real-world goods. Check your airline, hotel and bank accounts regularly for unusual activity.

4) Use strong, unique passwords

Never reuse the same password across accounts. If hackers compromise one account, they can try the same password elsewhere in a “credential stuffing” attack. A reputable password manager can create and store complex, unique logins.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

5) Sign up for an identity theft protection service

Credit bureaus and specialized services can alert you if your information appears on the dark web or is linked to suspicious activity. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

6) Use a personal data removal service

Personal data removal services can help scrub your personal information from data broker sites. Removing these records makes it harder for attackers to gather the details they need to impersonate you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

7) Scan your credit reports weekly

Review your reports from major credit bureaus for suspicious accounts or inquiries you didn’t initiate.

Kurt’s key takeaways

Your frequent flyer miles, email address and phone number might not seem as valuable as your credit card, but in the wrong hands, they’re keys to unlocking more of your personal life. Protect them like cash.

What would you do if a scammer could call your airline and sound exactly like you? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.