CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

Air France, KLM Say Hackers Accessed Customer Data

Airlines Air France and KLM have disclosed a data breach stemming from unauthorized access to a third-party platform. The post Air France, KLM Say Hackers Accessed Customer Data appeared first on SecurityWeek.

Air France KLM data breach

Air France and KLM are notifying some customers that their personal information may have been obtained by hackers following unauthorized access to a third-party platform used by the airlines. 

According to the companies, the unnamed platform is used for customer service and the hackers gained access to data such as first and last name, contact details, service request email subject lines, and Flying Blue loyalty program numbers.

More sensitive information such as passwords, passports, credit card information, travel details, or Flying Blue miles has not been compromised.

However, the airlines have warned customers to be on the lookout for email and phone phishing attempts. 

KLM is based in the Netherlands and Air France is based in France, but they are part of the same airline group. The companies have reported the incident to the data protection authorities in their respective countries.

While no additional details have been provided by KLM and Air France, it’s worth noting that several major companies reported recently that hackers obtained their data after breaching a third-party customer relationship management (CRM) system.

According to Bleeping Computer, the attacks all seem to be part of a campaign targeting Salesforce instances. A hacker group named ShinyHunters claims to be behind the attacks, and some links have also been found to the Scattered Spider cybercrime group. According to some reports, the two groups may have merged

The cybersecurity community recently warned airlines that Scattered Spider had started targeting this sector.

The Salesforce attacks do not involve exploitation of any vulnerability or access to the vendor’s systems. Instead, the hackers are using phishing and social engineering to gain access to targeted instances.

The list of major companies that appear to have been hit by the campaign includes Google, Adidas, Allianz Life, Cisco, Dior and Louis Vuitton.

Related: Over 1 Million Impacted by DaVita Data Breach

Related: Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report

Related: Tea App Takes Messaging System Offline After Second Security Issue Reported

Latest News

CYBERNEWSMEDIAPublisher