Cyber Incident Victim: Air France

In early January 2023, Air France and KLM detected unauthorized activity targeting customer accounts within their shared Flying Blue loyalty program, which serves multiple partner airlines including Transavia, Aircalin, Kenya Airways, and TAROM. Security teams identified suspicious behavior by an unauthorized entity, prompting immediate corrective measures to limit further data exposure. The airlines began notifying affected customers on or around January 6, 2023, confirming that personal information had been compromised. Exposed data included customer names, email addresses, telephone numbers, details of recent transactions, and Flying Blue-specific information such as accrued mileage balances. The breach did not compromise financial data such as credit card details or payment information, nor did it expose passport numbers. Customers reported receiving breach notifications through multiple channels, with some confirmation occurring via KLM's official Twitter account interactions.

Air France and KLM implemented containment measures including account locks for impacted users, requiring password resets through official airline websites to restore access. The airlines publicly stated that attackers were blocked before any loyalty miles could be fraudulently redeemed or transferred. Both organizations filed mandatory breach notifications with relevant data protection authorities in their respective countries. Impacted individuals were advised to monitor their accounts for suspicious activity despite assurances that sensitive data remained protected. The incident exclusively affected Flying Blue program members without disrupting core airline operations or reservation systems.