Air France and KLM breach tied to hacker group

The airlines say they acted quickly to cut off the attackers' access. They also stressed that their internal networks remain secure.

Authorities in France and the Netherlands have been notified. Meanwhile, impacted customers are being told to stay alert.

"Customers whose data may have been accessed are currently being informed," the airlines added. "We are advising them to be extra vigilant for suspicious emails or phone calls."

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER

Ricardo Amper, CEO of Incode Technologies, a global leader in identity verification and AI-powered fraud prevention, calls this a dangerous shift.

"This signals hackers like ShinyHunters evolving from brute-force hacks to AI-amplified social engineering, targeting third-party platforms where humans are the weak link. They're not just stealing data; they're using generative AI to craft convincing impersonations. It's an AI arms race."

Attackers now use advanced AI tools that make impersonation both fast and inexpensive. These tools allow them to convincingly mimic real people.

"Attackers today are digital con artists with an unprecedented toolkit," Amper explains. "With AI, they can convincingly impersonate real people using cloned voices, speech patterns and even realistic video deepfakes. With just 10-20 seconds of someone's voice, they can create an audio clone that sounds exactly like them. Armed with this, attackers call customer service reps, posing as an executive, a partner or a high-value customer, and request sensitive account changes or data access."

These AI-driven impersonations bypass the "red flags" that once alerted employees.

"The best AI deepfakes are nearly impossible for humans to detect in real time," says Amper. "Pauses, awkward phrasing, bad audio, those giveaways are disappearing."

"Customer service platforms are considered a treasure trove because they store detailed personal data, transaction histories, and sometimes have capabilities to reset passwords or override security settings," Amper notes. "Unlike core financial systems, many lack robust security controls, making them accessible to attackers armed with partial user information."

Once hackers gain access to this data, they can quickly convert it into profit.

"This starts when attackers use stolen data such as loyalty program numbers, recent transactions or service request information to impersonate customers in future interactions," Amper says. "Loyalty points and frequent flyer miles act as digital currency that can be monetized or redeemed for rewards. These pieces of information are treated as puzzle pieces to build complete identity profiles."

These profiles often appear for sale on the dark web. Criminals can also reuse them to break into other accounts or launch highly targeted scams.

Amper warns that scammers often move quickly after a breach, sending fake alerts that seem legitimate.

"Post-breach, watch for phishing lures tailored to you, like emails citing your recent Air France flight, urging a 'security update' with a dodgy link. Scammers thrive on urgency."

If you were notified, or even suspect that your data was part of this breach, take these steps immediately:

Scammers may reference real flights, loyalty program balances or recent transactions to trick you into clicking malicious links. Pair your caution with strong antivirus tools which can block dangerous websites, phishing attempts and malware before they get a chance to run. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

Never reuse the same password across accounts. If hackers compromise one account, they can try the same password elsewhere in a "credential stuffing" attack. A reputable password manager can create and store complex, unique logins.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

Credit bureaus and specialized services can alert you if your information appears on the dark web or is linked to suspicious activity. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/DeleteGet a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

Review your reports from major credit bureaus for suspicious accounts or inquiries you didn't initiate.

Your frequent flyer miles, email address and phone number might not seem as valuable as your credit card, but in the wrong hands, they're keys to unlocking more of your personal life. Protect them like cash.

What would you do if a scammer could call your airline and sound exactly like you? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.