KLM Royal Dutch Airlines and Air France, leading airlines based in Europe, recently notified their Flying Blue customers that personal information belonging to them was compromised when their online accounts were accessed without authorisation.

A registered loyalty programme, Flying Blue is designed to allow customers of many different airlines, including not only Air France and KLM, but also Transavia, Kenya Airways, TAROM and Air Calin, to exchange the loyalty points they accumulate for a wide range of rewards.

Notification of hacked Flying Blue accounts

In accordance with legislation regarding a data leak involving personal information, official breach notices were sent out to customers impacted by the online incident. The notification explained:

“Our security operations teams have detected suspicious behaviour by an unauthorised entity in relation to your account. We have immediately implemented corrective action to prevent further exposure of your data.”

It added that the airline’s dedicated department for information security was currently acting to prevent any activity considered suspicious with regard to their Flying Blue rewards accounts.

KLM, the flag carrier for the Netherlands, posted a notice in a tweet from its official Twitter account. It confirmed that the attack had taken place and informed one of the affected Flying Blue members that the malicious attack had been blocked in time and, as a result, no air miles had been charged.

However, the representative from KLM did invite the customer to change their user credentials for accessing their account on the Flying Blue programme’s official website.

The response from the Dutch airline followed multiple reports issued by customers across several social media networks who had received breach notifications regarding their exposed personal information.

Personal information exposed during the cyber attack

Reports suggest that the list of compromised personal data potentially includes the full names of customers, their email addresses and phone numbers. It also likely includes their most recent transactions, and specific Flying Blue data, for instance how many air miles they have accumulated and their current balance.

The breach notices issued by the airlines added that the incident suffered by Flying Blue did not expose the payment or credit card information of any customers of the programme.

Flying Blue customers impacted by the breach were also informed that their user accounts had been effectively locked down due to the cyberattack. They were told they should go directly to the official websites of Air France and KLM as required to change their user passwords and reclaim access to their accounts.

Enterprises and organisations in the aviation and aerospace industries are sought-after targets for cybercriminal campaigns. As they hold vast stores of personally identifiable information (PII) on passengers, vendors, partners, and suppliers, if infiltration is successful, the rewards can be extensive. Along with using data in further attacks, threat operators can also sell it on to other operators for profit.

Airlines are also high-profile victims that make the headlines. This can increase the reputation of a cybercriminal operation both with their peers and around the world, helping them achieve notoriety.