KLM confirms customer data leak, blames third-party service provider

Dutch airline KLM confirmed on Wednesday that its customers were affected by a leak of personal data, blaming an issue with an external platform used to manage customer service. As a result, it was possible for people to gain unauthorized access to the data and personal information of an unknown number of customers, KLM said in a statement.

Customer names, contact details, and account numbers from the Flying Blue rewards program may have been illicitly viewed or captured due to the leak. Cybercriminals may also have accessed the subject lines of service request emails, and the notes made by KLM customer service representatives.

KLM has reported the breach to the Dutch Data Protection Authority. Air France has done the same with the authorities in France. Customers whose data may have been accessed will be notified. They will also be advised to be alert for suspicious emails or phone calls.

KLM did not disclose the number of affected customers. A KLM spokesperson said they could not provide any details on this when asked. For “security reasons,” the airline also declined to disclose which external platform was involved.

No other sensitive data was stolen, such as passwords, travel details, Flying Blue miles, passport information, or credit card data. KLM’s internal systems, as well as those of sister airline Air France, were not affected.

Other companies have reportedly been affected by the leak, as well. According to KLM, immediate action was taken together with the external party involved to stop the unauthorized access.