Cyber Incident Victim: Air France

In September 2025, Air France publicly disclosed a data breach impacting its customers. This announcement occurred on September 1st, 2025, as reported by BleepingComputer. The disclosure confirmed that customer information had been compromised in a cybersecurity incident. Simultaneously, KLM, another airline within the same corporate group, also announced a separate data breach affecting its own customer base. Both airlines acknowledged that unauthorized parties had accessed personal data belonging to their respective customers. The disclosures were made through official channels, informing the public about the security events. Air France confirmed the breach involved customer data but did not specify the exact nature or scope of the compromised information within this initial announcement. The airline group indicated that breaches occurred at both major carriers under its umbrella. This public notification marked the formal acknowledgment of the security incidents by the affected organizations.

The primary consequence of the Air France breach was the unauthorized access to customer personal data. The breach resulted in the exposure of sensitive information belonging to individuals who had engaged with the airline. Air France did not publicly detail the specific types of customer data accessed or stolen during this incident at the time of the initial disclosure. Similarly, the breach at KLM led to the compromise of its customers' personal information. The airlines' disclosures served to alert potentially affected individuals about the compromise of their data. Following the breach discovery, Air France initiated its incident response procedures, which included investigating the event and notifying relevant parties. The public disclosure on September 1st, 2025, represented a key step in the company's response to the cybersecurity incident impacting its customers.