Sensitive user data of top European airlines was reportedly hacked and it has been confirmed by the airlines. User data were reported to be taken from Air France and KLM.
Sensitive User Data of Top European Airlines Reportedly Hacked
Reports coming in now claim that two major European airlines have been compromised and in the process, sensitive customer data was likely accessed by threat actors.
The two airlines in question KLM and Air France have now contacted customers of Flying Blue which is a multi-airline loyalty program that lets travelers to easily exchange loyalty points for various awards.
The airlines in the announcement discussed spotting “suspicious behavior”, and while initial reports from the incident suggested no direct financial damage being carried out, threat actors can make use of personally identifiable data to access customer funds in stage-two attacks.
Content of the Notification Issued Out
“Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account. We have immediately implemented corrective action to prevent further exposure of your data,” the notification states. “Our Information Security department is taking actions to prevent any suspicious activity with regard to your account.”
KLM, however, confirmed the attack on Twitter, and in a short discussion with one of its customers, stated that the attacks were “blocked in time”, thus meaning that no miles were charged.
“I do however invite you to change your Flying Blue password via the Flying Blue website,” the company stated.
Details of Information Accessed By Threat Actors during and After the Attack
Whoever the people that were behind the attack very much likely got access to customer names, phone numbers, email addresses, latest transactions as well as Flying Blue data such as the likes of earned miles balance. Customer payment and credit card information apparently are safe.
The companies apparently also locked down the affected accounts and then told their customers to make use of the accounts but they would however need to first update their passwords.
Other Times Airlines Were Under Attacks
Endpoints of airlines always are a popular target for cybercriminals. Back in September last year, American airlines reported that unauthorized personnel compromised the email accounts of a “limited number” of members of its team, and also in mid-2021, SITA, an airline data giant disclosed a breach that reportedly affected at least 4.5 million travelers from Air India.