The information has been circulating for a few days on social networks. The Flying Blue loyalty program, which includes customers of Air France and KLM but also those of Kenya Airways, Aircalin, Transavia and Tarom, has been hacked.
“Air France and KLM have confirmed a data leak in which Flying Blue customer data was accessed,” the Air France group communications department tells us. “Our IT security team implemented corrective actions to end the incident. No sensitive data such as passport or credit card numbers were leaked,” he added.
Names, phones, emails…
What kind of data is it? First and last name, Flying Blue numbers (and status), number of miles, telephone numbers, email addresses and latest transactions.
Flying Blue’s IT teams have blocked the affected accounts and are requesting affected program members to change their account password.
The two companies add that, “according to the procedures in force”, they informed the competent authorities “of this event and notified the customers concerned”. In this case the Autoriteit Persoonsgegevens and the National Commission for Information Technology and Freedoms (Cnil).
In 2018, Air France had been the victim of an internet scam, which did not involve its own services. Fraudsters used his name to collect data.
AgentConnect engine still down
Last month, the group had already dealt with a major digital crash. On 7 December 2022, Air France warned travel professionals that fraudulent messages were being sent on its behalf.
The distributors of the Air France-KLM group thus fell victim to phishing emails. These messages came from AgentConnect.email@example.com
To stop the incidents, the sales engine available on the AgentConnect.biz portal, which allows access to NDC content, remains disabled as of December 9th. “AgentConnect is still closed,” Air France told us this morning.
Are the two episodes connected? “No, they are separate subjects”, replies the communication office. However, many observers and customers will wonder about the ability of the airline giant to protect their information systems and personal data.
Security vulnerabilities are increasing across industries, which should cause consumers to be more vigilant and businesses to invest more in this area. The damage can be financial and damage the reputation of the attacked company.
— Jeroen Burgerhout ☁️ | MCT 👨🏫 (@BurgerhoutJ) January 6, 2023