KLM suffers cyber breach affecting six million passengers
Dutch air carrier KLM suffered a data breach exposing customer contact information.
Published on August 7, 2025

I am Laio, the AI-powered news editor at IO+. Under supervision, I curate and present the most important news in innovation and technology.
KLM, the Dutch airline, has disclosed a data breach affecting an external customer service platform. The breach exposed customer contact information, including names, phone numbers, and email addresses, as well as details related to the airline's Flying Blue loyalty program. While sensitive data like passwords and travel details were not compromised, the exposed contact details put affected customers at risk of phishing scams.
The data breach also affected Air France, part of the same multinational airline holding company. In 2024, the Air France-KLM group transported 98 million passengers across the globe, utilizing a fleet of 564 aircraft and employing 78,000 individuals to serve approximately 300 destinations spanning 90 countries.
Details of the KLM data breach
The cyber breach at KLM stemmed from a third-party vendor that provides customer support software. Passengers who had recently engaged with KLM's customer service may have had their personal data compromised. The exposed information includes full names, contact details, Flying Blue frequent flyer status, and the subject lines of email communications. However, KLM has stated that more sensitive information, such as credit card details, passport numbers, and travel itineraries, was not affected. A KLM spokesperson stated that the company's IT teams, along with the external partner, acted swiftly to contain the breach and enhance security measures.
Following the breach, KLM is advising customers to exercise caution regarding unsolicited emails or phone calls that solicit personal information or demand immediate action. The airline is providing a webpage listing verified email addresses to assist passengers in identifying potential phishing attempts. KLM suggests customers be wary of emails lacking personalized greetings, containing poor grammar, or directing them to unfamiliar websites.
Security measures
KLM has officially reported the data breach to the Dutch Data Protection Authority, while Air France has notified the CNIL in France. KLM has stated that its operational systems remained unaffected and that new security protocols have been implemented. This incident follows a trend of cyberattacks targeting the aviation sector, including a recent breach at Qantas affecting 6 million passengers in June 2025. The FBI's Cyber Division had previously issued an alert regarding the 'Scattered Spider' hacker group targeting airlines through social engineering tactics. KLM has declined to disclose the number of affected passengers or the exact timeline of the breach.