Airlines KLM and Air France have recently fallen victim to data breaches, with sensitive customer information potentially compromised.
In a series of recent data breaches, the Air France-KLM Group has joined a growing list of major organizations, including Dior, Chanel, Pandora, Google, Qantas, and Allianz, that have experienced data lapses. However, it's important to note that the internal systems of Air France and KLM were not affected by the breach.
The common thread in these attacks appears to be a third-party customer service platform, specifically Salesforce instances, which were targeted through phishing and social engineering rather than direct exploitation of vendor systems. The hacker group behind these breaches is the ShinyHunters, with possible involvement of the Scattered Spider cybercrime group.
Air France and KLM confirmed that the breach occurred via unauthorized access to a third-party platform used for customer service. The compromised data includes customer names, contact details, and loyalty program numbers. Fortunately, sensitive payment or passport information was not compromised.
Measures have been implemented to prevent recurrence of the data breach, and both airlines have referred themselves to the Dutch and French data protection authorities, respectively. KLM has issued a customer notice recommending customers to stay alert for any suspicious activity and to verify the authenticity of any unexpected messages or phone calls.
The ShinyHunters cybercrime crew is the prime suspect behind these intrusions, known for its role in last year's attacks on Snowflake customers. Scattered Spider, which has reportedly shifted its focus toward airlines this year, is suspected to be behind the attack on Hawaiian Airlines in June.
It's worth mentioning that over 1.4 million customers were caught in the Allianz Life data heist, although specific details about the breach were not provided. Emirates has been criticized for its online data privacy practices, but no sensitive data such as passwords, travel details, passport, or credit card information was stolen in the Air France-KLM data breach.
The IT security teams of Air France and KLM, along with the relevant external party, took immediate action to stop the unauthorized access. Despite the efforts, the third party responsible for the data breaches at the mentioned companies has not been identified for all except Google, which attributed its breach to a Salesforce instance.
As a precaution, both KLM and Air France have advised customers to be on heightened alert for phishing attempts. The data breach occurred on an external platform used for customer service, and customer notifications circulating online suggest that first and family names, contact details, Flying Blue numbers and tier levels, and the subject lines of service request emails were accessed.
In a separate incident, GPS issues in Britain and France have led to discussions about a backup plan, while Boolean bafflement persists at British Airways' Executive Club due to sneaky little Avioses.
In conclusion, the Air France-KLM data breach is part of a wider hacking campaign targeting Salesforce CRM instances, with the ShinyHunters group being the prime suspect. Both airlines are taking necessary steps to protect their customers' data and prevent future breaches.
- The recent data breaches affecting major enterprises, such as Air France-KLM, Dior, Chanel, Pandora, Google, Qantas, and Allianz, involve AI-driven cyberattacks that target third-party customer service platforms like Salesforce instances.
- In the Air France-KLM Group's case, the breach occurred due to unauthorized access to a third-party platform used for customer service, compromising customer names, contact details, and loyalty program numbers.
- The ShinyHunters cybercrime group is reportedly behind the breaches at Air France-KLM, Allianz, and other companies, with possible involvement from the Scattered Spider cybercrime group.
- To prevent recurrence, both KLM and Air France have implemented measures, referred to the Dutch and French data protection authorities, and advised their customers to remain vigilant against phishing attempts and suspicious activities, focusing on privacy and security in technology-related general-news and crime-and-justice sectors.
