Air France-KLM, which operates Air France, KLM, and Transavia, has reported a data breach compromising customer data, potentially impacting thousands of UK customers. The breach targeted a customer service system hosted on an external platform, as reported by Bleeping Computer. The airline group, which served approximately 98 million passengers across 300 global destinations in 2024, confirmed that the breach did not affect its operational systems. "Our IT security teams, in collaboration with the external platform provider, swiftly halted the unauthorized access and implemented measures to prevent future incidents," Air France-KLM stated. 

The attack is attributed to the Shiny Hunters Extortion Group, known for targeting companies using the Salesforce platform, according to Bleeping Computer. Customers are urged to stay cautious of phishing emails that may appear legitimate, potentially containing accurate flight details. Javvad Malik, Lead Security Awareness Advocate at KnowBe4, commented: "This breach highlights the vulnerability of third-party systems, even when core operations remain secure. 

Organizations must continuously monitor all parties with access to their data, as security remains their responsibility. A breach not only risks customer data but also erodes trust in the brand. "Customers with Air France-KLM accounts should remain vigilant for suspicious communications and verify any emails claiming to be from the airline group.