European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers’ data stolen by way of a break-in at a third party org.
The airlines, which share a parent company, Air France-KLM Group, said in a joint statement that they “detected unusual activity on an external platform we use for customer service,” which led to attackers accessing customer data.
“Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access,” the statement read. “Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected.
“No sensitive data such as passwords, travel details, Flying Blue miles, passport, or credit card information was stolen.”
The airlines did not publicly specify the types of data that were stolen, but the exclusion of sensitive data suggests basic personal information was involved.
However, customer notifications circulating online noted that first and family names, along with contact details, Flying Blue numbers and tier levels, and the subject lines of service request emails were accessed.
[…]
The attack marks the latest in a string of data lapses at major organizations that also blamed a third party.
In recent weeks, luxury retailers Dior, Chanel, and Pandora all reported similar leaks at third party providers, as did Google, Qantas, and Allianz.
All of the above declined to identify the third party in question except for Google, which said this week that one of its Salesforce instances was raided.
[…]
Source: KLM, Air France latest major orgs to have data looted • The Register
It’s pretty clear that the customer service portal was looted.
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft