Customer data of Air France and KLM passengers compromised in a third-party data breach.
In the ever-evolving digital landscape, a concerning trend has emerged: supply chain attacks targeting airline companies. The latest victims of this cyber threat are Air France and KLM, who are currently investigating a fraudulent access to the data of some of their customers.
This breach, which occurred during the week commencing 28 July 2025, has affected potentially hundreds of customers. However, it's reassuring to note that no sensitive data such as passwords, travel data, Flying Blue Miles balance, passport, or credit card numbers were disclosed. The Dutch data protection regulator (Autoriteit Persoonsgegevens) has been notified of the breach by KLM, and the French equivalent (CNIL) has been contacted by Air France regarding the incident.
The airline industry is not new to cyber threats. Recent trends show a significant increase in such attacks, driven by the ongoing digitization of aviation systems. Cybersecurity has become the foremost risk for aviation in 2025, with 38% of industry respondents identifying cyber loss as their primary concern, surpassing all other risks[1].
These attacks include ransomware, data breaches, manipulation of avionics, and GPS spoofing incidents, among others. In fact, between 2023 and 2025, over 465 cases of GPS spoofing were reported in India alone that affected commercial flights and surveillance systems[1].
In response to these threats, the airline sector is adopting comprehensive cybersecurity frameworks focusing on real-time threat detection and response. There is also increasing investment in AI-driven security solutions aimed at automated penetration testing and anomaly detection. Enhanced collaboration with international cyber defense alliances is emphasized for threat intelligence sharing[1][3].
However, the industry faces challenges. Cyber insurers are increasingly hesitant to cover airlines due to the systemic risks highlighted by third-party vendor vulnerabilities and supply chain dependencies[3]. Airlines and aviation stakeholders are advised to invest in workforce training, modernize fleet and air traffic control systems for resilience, and upgrade maintenance and operational processes to reduce exposure to cyber threats[4].
It's important to note that supply chain attacks have become an increasingly popular method of compromise for cyber criminals. In 2024, 63% of companies had been the victim of a supply chain attack in the previous two years[2]. This trend is reflected in the aviation industry, with both airlines being the latest victims.
The unusual activity was detected on a third-party platform used by their contact centers. The Netherlands, home to KLM, was one of the countries where businesses were most likely to suffer a third-party breach, coming in second after Singapore in SecurityScorecard's 2025 Global Third-Party Breach Report.
As the industry continues to digitize, it's crucial for airlines to stay vigilant and adapt their cybersecurity measures to counter these threats. The average Brit has experienced five data breaches since 2004, underscoring the need for robust cybersecurity measures in all industries, not just aviation.
References:
[1] Cybersecurity Ventures, 2025 Cybersecurity Almanac, https://cybersecurityventures.com/cybersecurity-almanac/
[2] SecurityScorecard, 2025 Global Third-Party Breach Report, https://www.securityscorecard.com/resources/2025-global-third-party-breach-report
[3] PwC, 2024 Global State of Information Security Survey, https://www.pwc.com/gx/en/services/consulting/cybersecurity/publications/2024-global-state-of-information-security-survey.html
[4] IATA, Cybersecurity Best Practices for Aviation, https://www.iata.org/en/publications/documents/cybersecurity-best-practices-for-aviation/
- Amidst the growing digitization of aviation systems, cybersecurity has emerged as the foremost risk for the airline industry in 2025, with 38% of industry respondents identifying cyber loss as their primary concern.
- The unfortunate breach at Air France and KLM, which occurred in July 2025, serves as a reminder of the importance of robust cybersecurity measures, especially in the face of increasing supply chain attacks targeting key industries.
