WILLEMSTAD – KLM and Air France have confirmed that unauthorized individuals gained access to customer information through an external customer service platform used by both airlines. The companies stressed that sensitive data such as passwords, passport details, travel records, Flying Blue points, and credit card numbers were not compromised. 

The airlines detected unusual activity on the platform, prompting immediate action by their IT security teams to stop the breach. Working with the external service provider, additional measures have been implemented to prevent similar incidents in the future. 

KLM emphasized that its internal systems were not affected and that the breach was confined to the external customer service platform. The specific types of customer data viewed have not been disclosed. 

The incident has been reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and, in Air France’s case, to the French privacy regulator CNIL. 

KLM is notifying customers who may have been affected and is advising them to remain alert for suspicious emails or phone calls.