Air France
Company Details
Linkedin ID:
air-france
Website:
Employees number:
29,688
Number of followers:
698,887
NAICS:
481
Industry Type:
Homepage:
http://www.airfrance.com
IP Addresses:
0
Company ID:
AIR_2584401
Scan Status:
In-progress
Air France Company CyberSecurity Posture
http://www.airfrance.com
Depuis 1933, la compagnie Air France porte haut les couleurs de la France à travers le monde entier. Avec une activité, répartie entre le transport aérien de passagers, le fret, la maintenance et l’entretien aéronautique, Air France est un acteur majeur du secteur aérien. Plus de 45 000 collaborateurs se mobilisent au quotidien pour proposer à chaque client, une expérience de voyage unique. Air France, KLM Royal Dutch Airlines et Transavia forment le Groupe Air France-KLM. Le Groupe s’appuie sur la force de ses hubs de Paris-Charles de Gaulle et d’Amsterdam-Schiphol pour offrir un vaste réseau international. Son programme de fidélité Flying Blue rassemble plus de 17 millions d’adhérents. Air France et KLM sont membres de l’alliance SkyTeam qui compte au total, 19 compagnies aériennes. Air France place la santé et la sécurité de ses clients et de ses personnels au cœur de ses préoccupations. Avec Air France Protect, son engagement sanitaire, la compagnie a instauré les mesures sanitaires les plus strictes pour un voyage en toute sécurité. Air France s’est fixé des objectifs ambitieux en matière de développement durable et travaille à réduire et compenser ses émissions de CO2. Dans le cadre du programme Horizon 2030, la compagnie s’est engagée à réduire de 50% ses émissions de CO2 par passager-kilomètre d’ici à 2030 à travers des investissements importants en faveur du renouvellement de sa flotte par des avions de nouvelle génération, l’utilisation de solutions innovantes pour réduire sa consommation de carburant ou encore l’utilisation progressive de carburants alternatifs durables. Plus d'informations sur : corporate.airfrance.com
Air France A.I CyberSecurity Scoring
Air France Risk Score (AI oriented)Between 750 and 799
Air France
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Air France Global Score (TPRM)XXXX
Air France
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Air France Company CyberSecurity News & History
Past Incidents
5
Attack Types
2
Air France
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Unidentified hackers accessed Air France through a third-party service provider, stealing sensitive customer data. The compromised information includes full names, contact details, Flying Blue numbers, tier levels, and subject lines of service request emails. However, passport numbers, payment card details, passwords, and Flying Blue Miles balances were not affected. The attack was detected and mitigated by the IT security team, but the exact number of affected individuals remains unknown. No group has claimed responsibility, though the FBI has warned about increased targeting of airlines by the Scattered Spider hacking group.
Air France-KLM
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Air France and KLM announced a breach in a customer service platform where attackers gained unauthorized access to customer data. The airlines confirmed that financial and personal information was not compromised, but customer data was stolen. The breach was contained, and measures were implemented to prevent recurrence. Authorities were notified, and affected customers were advised to be vigilant against phishing attempts. The incident is under investigation, with no further details disclosed.
Air France-KLM
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Air France and KLM suffered a data breach on their **external customer service platform**, where hackers gained unauthorized access to **customer personal data**, including **names, emails, phone numbers, loyalty program details, and recent transactions**. While **no financial data was stolen**, the exposed information remains highly valuable for cybercriminals, enabling **AI-powered impersonation attacks, phishing, and fraudulent account takeovers**. The breach was linked to the **ShinyHunters hacker group**, which exploited **third-party vulnerabilities** in Salesforce-based customer service systems. Authorities in **France and the Netherlands** were notified, and affected customers were advised to monitor for **suspicious communications and fraudulent activity**. The airlines confirmed that **internal systems remained secure**, but the incident highlights the growing risk of **AI-driven social engineering attacks** targeting customer support portals.
Air France
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In a recent cybersecurity incident involving **Air France**, the airline fell victim to a **third-party supply chain breach**, a growing trend highlighted in the Verizon DBIR report (2025). The attack exploited vulnerabilities within one of Air France’s critical vendors, likely a supplier handling passenger data, booking systems, or operational logistics. While specifics remain undisclosed, the breach led to unauthorized access to **customer personal and financial information**, including booking details, payment records, and potentially frequent flyer accounts. The incident triggered regulatory scrutiny under **GDPR**, given the exposure of EU citizen data, and prompted Air France to initiate emergency containment protocols. Customers reported fraudulent transactions linked to compromised accounts, while the airline faced reputational damage due to media coverage and public distrust. Operational disruptions, such as delayed refunds or loyalty program freezes, further exacerbated the fallout. Air France’s cyber insurance premiums are expected to surge, reflecting heightened risk exposure. The breach underscores the cascading risks of supply chain vulnerabilities, where a single weak link in a vendor’s security posture can cripple a global enterprise.
Air France
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Air France suffered a **cyber attack** via a **third-party vendor (Salesforce)**, compromising the **personal data of tens of thousands of passengers**, including full names, contact details, frequent flyer status, and email subject lines from service requests. While **credit card or passport data was not accessed**, the stolen information was allegedly **sold on the dark web**, exposing victims to **identity theft and phishing scams**. The breach, linked to the **Scattered Spider hacking group**, exploited social engineering tactics to infiltrate Air France’s customer support systems. A **class-action lawsuit** (filed in New York under *1:25-cv-07634*) accuses the airline of **negligent cybersecurity practices**, failing to prevent, detect, or mitigate the breach despite prior warnings about aviation sector vulnerabilities. Although Air France offered **complimentary credit monitoring**, plaintiffs argue this does not address the **long-term risks of fraud and privacy violations**. The incident mirrors a similar attack on **Qantas** via the same Salesforce vulnerability in July 2023.
Air France Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Air France
Incidents vs Airlines and Aviation Industry Average (This Year)
Air France has 112.77% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Air France has 53.85% more incidents than the average of all companies with at least one recorded incident.
Incident Types Air France vs Airlines and Aviation Industry Avg (This Year)
Air France reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — Air France (X = Date, Y = Severity)
Air France cyber incidents detection timeline including parent company and subsidiaries
Air France Company Subsidiaries
Depuis 1933, la compagnie Air France porte haut les couleurs de la France à travers le monde entier. Avec une activité, répartie entre le transport aérien de passagers, le fret, la maintenance et l’entretien aéronautique, Air France est un acteur majeur du secteur aérien. Plus de 45 000 collaborateurs se mobilisent au quotidien pour proposer à chaque client, une expérience de voyage unique. Air France, KLM Royal Dutch Airlines et Transavia forment le Groupe Air France-KLM. Le Groupe s’appuie sur la force de ses hubs de Paris-Charles de Gaulle et d’Amsterdam-Schiphol pour offrir un vaste réseau international. Son programme de fidélité Flying Blue rassemble plus de 17 millions d’adhérents. Air France et KLM sont membres de l’alliance SkyTeam qui compte au total, 19 compagnies aériennes. Air France place la santé et la sécurité de ses clients et de ses personnels au cœur de ses préoccupations. Avec Air France Protect, son engagement sanitaire, la compagnie a instauré les mesures sanitaires les plus strictes pour un voyage en toute sécurité. Air France s’est fixé des objectifs ambitieux en matière de développement durable et travaille à réduire et compenser ses émissions de CO2. Dans le cadre du programme Horizon 2030, la compagnie s’est engagée à réduire de 50% ses émissions de CO2 par passager-kilomètre d’ici à 2030 à travers des investissements importants en faveur du renouvellement de sa flotte par des avions de nouvelle génération, l’utilisation de solutions innovantes pour réduire sa consommation de carburant ou encore l’utilisation progressive de carburants alternatifs durables. Plus d'informations sur : corporate.airfrance.com
Loading...
Air France Similar Companies
Delta Air Lines
Delta Air Lines (NYSE: DAL) is the U.S. global airline leader in safety, innovation, reliability and customer experience. Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-winning customer s
Qatar Airways
Qatar Airways is the national airline of the State of Qatar. Based in Doha, the Airline’s trendsetting on-board product focuses on: comfort, fine cuisine, the latest in-flight audio & video entertainment, award-winning service and one of the youngest and most advanced aircraft fleet in the sky. Awa
American Airlines
Embark on an adventure with a commitment to service, excellence and humanity. Our team is what powers our airline. We are proudly dedicated to our purpose of caring for people on life’s journey, including connecting our customers to the people and places they love or providing our team members devel
China Eastern Airlines, North America
As one of the three major air carriers in China, headquartered in Shanghai, China Eastern Airlines operates 111 domestic and overseas branches across the globe. Flying a fleet of 730 aircraft which is one of the youngest fleets in major airlines worldwide. Moreover, it boasts the largest-scale in-fl
Singapore Airlines
Welcome aboard Singapore Airlines on LinkedIn. Discover travel inspirations, business travel tips, cultural insights, our latest updates, and more. Singapore Airlines is a global company dedicated to providing air transportation services of the highest quality and to maximising returns for the ben
Etihad
Marhaba! Welcome to Etihad Airways. We are proud to be the national airline of the UAE, flying to 100+ destinations via Abu Dhabi. At Etihad, we don't stop at the border of what's possible, we go beyond it. Proudly inspired by our Emirati identity, we are dedicated to delivering extraordinary trave
We would like to acknowledge the Traditional Custodians of the local lands and waterways on which we live, work and fly. We pay our respects to Elders past and present. Spirit is everything to us, and joining the Qantas team means bringing your spirit to ours. We have over 26,000 exceptional emplo
Grupo Aeromexico, S.A.B. de C.V. is a holding company whose subsidiaries are engaged in commercial aviation and the promotion of passenger loyalty programs in Mexico. Aeromexico, Mexico’s global airline, operates more than 600 daily flights and has its main hub in Terminal 2 of the Mexico City Inter
SpiceJet Limited
Red. Hot. Spicy. That’s not just our tagline, it’s how we fly. Red reflects the bold spirit we bring to every journey, energetic, passionate, and full of heart. Hot captures the warmth of our service and the vibrant destinations we connect. Spicy is our drive to keep travel exciting through innovati
.png)
Air France CyberSecurity News
November 25, 2025 09:18 PM
Iberia Airline’s Cybersecurity Breach: A Warning for Airline Passengers
Iberia suffers a cyberattack exposing customer details. Learn how this data breach impacts travelers and what actions they should take for...
November 17, 2025 08:00 AM
Thales, France's technological giant in defence, aerospace and cybersecurity
The industrial corporation is involved in major civil and military land, naval, air, space and cyber programmes worldwide.
October 24, 2025 02:02 PM
Air France class action alleges airline failed to prevent data breach
A new nationwide class action lawsuit alleges Air France failed to prevent a data breach that compromised the personally identifiable information (PII) of...
October 12, 2025 07:00 AM
Qantas Joins United, Collins Aerospace, Air France-KLM in Facing Massive Cybersecurity Breaches, Why This is Happening and How to Avoid It, New Report Digs Deeper Inside
The attackers gained access to customer information like names, email addresses, phone numbers, and frequent flyer details. Despite efforts by...
October 12, 2025 07:00 AM
GLOBAL CYBER MELTDOWN: Qantas breach hits 5.7m as hackers target airline network linking Google, Air France, KLM
Hackers posted the personal information of over 5.7 million Qantas customers on the dark web in what cybersecurity experts are describing as...
October 12, 2025 07:00 AM
Qantas Airways’ 6 Million Customers’ Data Leaked by Hackers on Dark Web
Hackers have exposed personal data from six million Qantas customers on dark web after a software vendor refused to meet ransom demands.
October 11, 2025 07:00 AM
Qantas customers' data leaked to dark web after cyber attack
Hackers have released personal data from Qantas customers onto the dark web, following a cyber attack in July.
October 08, 2025 07:00 AM
Qantas among nearly 40 companies facing ransom demand from hacker group
Hacker collective Scattered Lapsus$ Hunters reportedly threatening to leak stolen personal data from dozens of firms in major extortion...
October 07, 2025 07:00 AM
Air France Faces Massive Class Action Lawsuit Over Data Breach That Targeted Customer Support System
In August, Air France and KLM Royal Dutch Airlines revealed they were the latest victims of a cyber attack that allowed hackers to gain...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Air France CyberSecurity History Information
Official Website of Air France
The official website of Air France is http://www.airfrance.com.
Air France’s AI-Generated Cybersecurity Score
According to Rankiteo, Air France’s AI-generated cybersecurity score is 752, reflecting their Fair security posture.
How many security badges does Air France’ have ?
According to Rankiteo, Air France currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Air France have SOC 2 Type 1 certification ?
According to Rankiteo, Air France is not certified under SOC 2 Type 1.
Does Air France have SOC 2 Type 2 certification ?
According to Rankiteo, Air France does not hold a SOC 2 Type 2 certification.
Does Air France comply with GDPR ?
According to Rankiteo, Air France is not listed as GDPR compliant.
Does Air France have PCI DSS certification ?
According to Rankiteo, Air France does not currently maintain PCI DSS compliance.
Does Air France comply with HIPAA ?
According to Rankiteo, Air France is not compliant with HIPAA regulations.
Does Air France have ISO 27001 certification ?
According to Rankiteo,Air France is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Air France
Air France operates primarily in the Airlines and Aviation industry.
Number of Employees at Air France
Air France employs approximately 29,688 people worldwide.
Subsidiaries Owned by Air France
Air France presently has no subsidiaries across any sectors.
Air France’s LinkedIn Followers
Air France’s official LinkedIn profile has approximately 698,887 followers.
NAICS Classification of Air France
Air France is classified under the NAICS code 481, which corresponds to Air Transportation.
Air France’s Presence on Crunchbase
No, Air France does not have a profile on Crunchbase.
Air France’s Presence on LinkedIn
Yes, Air France maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/air-france.
Cybersecurity Incidents Involving Air France
As of December 10, 2025, Rankiteo reports that Air France has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
Air France has an estimated 3,489 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Air France ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Air France detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with yes, and law enforcement notified with yes, and containment measures with cut off attackers' access, and remediation measures with implemented measures to prevent recurrence, and communication strategy with notifying impacted individuals, and and and containment measures with corrective measures implemented, and communication strategy with data breach notification letters sent to affected customers, and incident response plan activated with yes, and third party assistance with external it security teams, third party assistance with salesforce (likely), and law enforcement notified with french authorities, law enforcement notified with dutch authorities, and containment measures with immediate access revocation for attackers, containment measures with isolation of affected platform, and remediation measures with security controls enhancement, remediation measures with preventive measures implementation, and communication strategy with joint public statement, communication strategy with direct customer notifications, communication strategy with vigilance advisories, and enhanced monitoring with yes, and third party assistance with securityscorecard, third party assistance with cyber rescue alliance, and communication strategy with webinar (august 20, 2025), communication strategy with supplier risk awareness, and remediation measures with complimentary credit monitoring service for affected customers, and communication strategy with public disclosure in august 2025, communication strategy with customer advisories (likely)..
Incident Details
Can you provide details on each incident ?
Title: Air France and KLM Customer Data Breach
Description: Attackers breached a customer service platform and stole the data of an undisclosed number of customers. The airlines have cut off the attackers' access and notified relevant authorities.
Date Publicly Disclosed: 2024-08-07
Type: Data Breach
Title: Cyberattack on Air France and KLM through a third-party service provider
Description: Unidentified hackers accessed Air France and KLM through a third-party service provider, stealing customer data including names, contact details, and more. Passport data was not compromised.
Type: Data Breach
Attack Vector: Third-party service provider compromise
Threat Actor: Unidentified (possibly Scattered Spider)
Title: Air France-KLM Customer Service Platform Data Breach
Description: Air France and KLM detected unusual activity on an external customer service platform, leading to unauthorized access to customer data. Hackers accessed personal details including names, emails, phone numbers, loyalty program information, and recent transactions. No financial details were stolen, but the compromised data is valuable for cybercriminals. The breach is linked to the ShinyHunters group, which has targeted Salesforce customer service systems used by major brands. The attack leveraged AI-powered social engineering, including voice cloning and deepfake impersonations, to bypass security measures. Authorities in France and the Netherlands were notified, and affected customers were advised to monitor for phishing attempts and suspicious activity.
Type: Data Breach
Attack Vector: AI-Amplified Social EngineeringThird-Party Customer Service Platform ExploitationVoice CloningDeepfake Impersonation
Vulnerability Exploited: Human Weakness in Customer ServiceLack of Robust Security Controls on Third-Party PlatformsAI-Generated Convincing Impersonations
Threat Actor: ShinyHunters
Motivation: Financial GainData MonetizationIdentity TheftLoyalty Program Fraud
Title: None
Description: The description mentions an upcoming webinar (August 20, 2025) hosted by **SecurityScorecard** and **Cyber Rescue Alliance**, focusing on cyber resilience, supply chain security, and recent breaches (including **Air France**, **Google**, and **Microsoft**). The event highlights that **one-third of breaches now originate via third parties** (per Verizon DBIR) and emphasizes proactive measures to mitigate supplier risks using **SecurityScorecard’s platform**. No specific incident details (e.g., dates, attack vectors, or impacts) are provided for any single breach.
Type: Supply Chain Breach (Anticipated)
Title: Air France Data Breach via Third-Party Vendor (Salesforce) Leading to Class Action Lawsuit
Description: Air France is facing a class action lawsuit over a cyber attack that resulted in the theft of personal details of tens of thousands of passengers, which were allegedly sold on the dark web. The breach occurred via a third-party vendor (Salesforce) supplying customer support software to Air France. Hackers accessed data including full names, contact details, frequent flyer status, and email subject lines. While no credit card or passport data was compromised, the stolen information could be used for identity theft or phishing scams. The lawsuit alleges Air France failed to implement adequate cybersecurity safeguards. The incident is linked to the Scattered Spider group, known for social engineering attacks.
Date Publicly Disclosed: 2025-08-mid
Type: data breach
Attack Vector: third-party vendor compromise (Salesforce)social engineering (Scattered Spider group)
Vulnerability Exploited: weak cybersecurity safeguards in third-party vendor (Salesforce)social engineering targeting IT helpdesks
Threat Actor: Scattered Spider group (alleged)unknown cybercriminals
Motivation: financial gain (data sold on dark web)identity theftphishing scams
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-party service provider, Third-Party Customer Service Platform (Likely Salesforce) and compromised Salesforce customer support software.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AIR345080725
Data Compromised: Customer data
Systems Affected: External customer service platform
Brand Reputation Impact: Potential risk due to data theft
Identity Theft Risk: Customers advised to be vigilant for suspicious emails or phone calls
Payment Information Risk: Financial and personal information not affected
Incident : Data Breach AIR414080825
Data Compromised: Full names, contact details, Flying Blue numbers and tier levels, subject lines of service request emails
Identity Theft Risk: Possible
Payment Information Risk: None
Incident : Data Breach AIR541081825
Data Compromised: Names, Emails, Phone numbers, Loyalty program information, Recent transactions
Systems Affected: External Customer Service Platform (Salesforce-based)
Operational Impact: Customer NotificationsEnhanced MonitoringSecurity Measures Implementation
Brand Reputation Impact: Potential Erosion of TrustIncreased Scrutiny on Security Practices
Identity Theft Risk: ['High (Due to Personal Data Exposure)']
Payment Information Risk: ['None (No Financial Details Stolen)']
Incident : data breach AIR1292412100725
Data Compromised: Full names, Contact details, Frequent flyer status, Email subject lines of service requests
Systems Affected: Salesforce customer support software
Customer Complaints: ['class action lawsuit filed by Ethan Allison and Arya Soofiani']
Brand Reputation Impact: negative publicityloss of customer trustlegal scrutiny
Legal Liabilities: class action lawsuit (case number: 1:25-cv-07634)potential regulatory fines
Identity Theft Risk: ['high (due to exposed PII)', 'phishing scams targeting victims']
Payment Information Risk: ['low (no credit card or passport data accessed)']
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer data, Personal data, Personal Identifiable Information (Pii), Loyalty Program Data, Transaction Histories, , Personally Identifiable Information (Pii), Customer Service Request Metadata and .
Which entities were affected by each incident ?
Incident : Data Breach AIR345080725
Entity Name: Air France
Entity Type: Airline
Industry: Aviation
Location: France
Size: Large
Customers Affected: Undisclosed number
Incident : Data Breach AIR345080725
Entity Name: KLM
Entity Type: Airline
Industry: Aviation
Location: Netherlands
Size: Large
Customers Affected: Undisclosed number
Incident : Data Breach AIR414080825
Entity Name: KLM Royal Dutch Airlines
Entity Type: Airline
Industry: Aviation
Incident : Data Breach AIR541081825
Entity Name: Air France
Entity Type: Airline
Industry: Aviation
Location: France
Size: Large (Global Carrier)
Incident : Data Breach AIR541081825
Entity Name: KLM
Entity Type: Airline
Industry: Aviation
Location: Netherlands
Size: Large (Global Carrier)
Incident : Supply Chain Breach (Anticipated) AIR625081925
Entity Name: Air France
Entity Type: Airline
Industry: Aviation/Transportation
Location: France
Incident : Supply Chain Breach (Anticipated) AIR625081925
Entity Name: Google
Entity Type: Technology Company
Industry: Tech/Internet Services
Location: USA (Global)
Incident : Supply Chain Breach (Anticipated) AIR625081925
Entity Name: Microsoft
Entity Type: Technology Company
Industry: Tech/Software
Location: USA (Global)
Incident : data breach AIR1292412100725
Entity Name: Air France
Entity Type: airline
Industry: aviation
Location: France
Size: large (part of Air France-KLM Group)
Customers Affected: tens of thousands
Incident : data breach AIR1292412100725
Entity Name: KLM Royal Dutch Airlines
Entity Type: airline
Industry: aviation
Location: Netherlands
Size: large (part of Air France-KLM Group)
Incident : data breach AIR1292412100725
Entity Name: Salesforce (third-party vendor)
Entity Type: software provider
Industry: technology
Location: USA
Size: large
Incident : data breach AIR1292412100725
Entity Name: Qantas
Entity Type: airline
Industry: aviation
Location: Australia
Size: large
Incident : data breach AIR1292412100725
Entity Name: Cartier
Entity Type: luxury retailer
Industry: retail
Incident : data breach AIR1292412100725
Entity Name: Louis Vuitton
Entity Type: luxury retailer
Industry: retail
Incident : data breach AIR1292412100725
Entity Name: Pandora
Entity Type: jewelry retailer
Industry: retail
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach AIR345080725
Incident Response Plan Activated: Yes
Third Party Assistance: Yes
Law Enforcement Notified: Yes
Containment Measures: Cut off attackers' access
Remediation Measures: Implemented measures to prevent recurrence
Communication Strategy: Notifying impacted individuals
Incident : Data Breach AIR414080825
Incident Response Plan Activated: True
Containment Measures: Corrective measures implemented
Communication Strategy: Data breach notification letters sent to affected customers
Incident : Data Breach AIR541081825
Incident Response Plan Activated: Yes
Third Party Assistance: External It Security Teams, Salesforce (Likely).
Law Enforcement Notified: French Authorities, Dutch Authorities,
Containment Measures: Immediate Access Revocation for AttackersIsolation of Affected Platform
Remediation Measures: Security Controls EnhancementPreventive Measures Implementation
Communication Strategy: Joint Public StatementDirect Customer NotificationsVigilance Advisories
Enhanced Monitoring: Yes
Incident : Supply Chain Breach (Anticipated) AIR625081925
Third Party Assistance: Securityscorecard, Cyber Rescue Alliance.
Communication Strategy: Webinar (August 20, 2025)Supplier Risk Awareness
Incident : data breach AIR1292412100725
Remediation Measures: complimentary credit monitoring service for affected customers
Communication Strategy: public disclosure in August 2025customer advisories (likely)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes, , Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Yes, , External IT Security Teams, Salesforce (Likely), , SecurityScorecard, Cyber Rescue Alliance, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AIR345080725
Type of Data Compromised: Customer data
Number of Records Exposed: Undisclosed
Sensitivity of Data: Non-financial, non-personal
Data Exfiltration: Yes
Personally Identifiable Information: No
Incident : Data Breach AIR414080825
Type of Data Compromised: Personal data
Sensitivity of Data: Moderate
Personally Identifiable Information: Full names, contact details
Incident : Data Breach AIR541081825
Type of Data Compromised: Personal identifiable information (pii), Loyalty program data, Transaction histories
Sensitivity of Data: Moderate to High (Enough for Impersonation and Targeted Scams)
Data Exfiltration: Yes
Personally Identifiable Information: NamesEmailsPhone NumbersLoyalty Program DetailsTransaction Records
Incident : data breach AIR1292412100725
Type of Data Compromised: Personally identifiable information (pii), Customer service request metadata
Number of Records Exposed: tens of thousands
Sensitivity of Data: moderate (no financial or passport data, but PII exposed)
Data Exfiltration: data sold on the dark web
File Types Exposed: customer support recordsemail metadata
Personally Identifiable Information: full namescontact detailsfrequent flyer status
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Implemented measures to prevent recurrence, Security Controls Enhancement, Preventive Measures Implementation, , complimentary credit monitoring service for affected customers, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by cut off attackers' access, corrective measures implemented, immediate access revocation for attackers, isolation of affected platform and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach AIR345080725
Data Exfiltration: Yes
Incident : Data Breach AIR414080825
Data Exfiltration: True
Incident : Data Breach AIR541081825
Data Exfiltration: Yes (But Not Ransomware-Related)
Incident : data breach AIR1292412100725
Data Exfiltration: ['data stolen and sold on dark web']
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach AIR345080725
Regulatory Notifications: Dutch Data Protection Authority, CNIL
Incident : Data Breach AIR541081825
Regulatory Notifications: French Data Protection Authority (CNIL)Dutch Data Protection Authority (AP)
Incident : data breach AIR1292412100725
Legal Actions: class action lawsuit (case number: 1:25-cv-07634),
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through class action lawsuit (case number: 1:25-cv-07634), .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach AIR541081825
Lessons Learned: Third-party customer service platforms are high-value targets due to weak security controls and rich personal data., AI-powered impersonation (e.g., voice cloning, deepfakes) can bypass traditional human detection methods., Loyalty program data and transaction histories are lucrative for cybercriminals, enabling targeted scams and identity fraud., Rapid containment and customer communication are critical to mitigating reputational and operational damage., Multi-factor authentication (MFA) and phishing-resistant methods are essential for both customers and service representatives.
Incident : Supply Chain Breach (Anticipated) AIR625081925
Lessons Learned: Proactive supply chain security is critical, with **one-third of breaches originating from third parties** (Verizon DBIR). Tools like **SecurityScorecard** can help identify high-risk suppliers months in advance.
Incident : data breach AIR1292412100725
Lessons Learned: Third-party vendor risks must be rigorously assessed and mitigated, especially in high-target industries like aviation., Social engineering attacks (e.g., Scattered Spider tactics) require robust employee training and verification protocols., Public disclosure timing and transparency are critical to maintaining customer trust., Complimentary credit monitoring may not suffice for long-term harm caused by PII exposure.
What recommendations were made to prevent future incidents ?
Incident : Data Breach AIR541081825
Recommendations: Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement.
Incident : Supply Chain Breach (Anticipated) AIR625081925
Recommendations: Use **SecurityScorecard** to assess supplier cyber risk., Implement **network segmentation** and **enhanced monitoring** for third-party access., Attend industry webinars (e.g., August 20, 2025 event) for real-world insights., Negotiate cheaper cyber insurance by demonstrating resilience.Use **SecurityScorecard** to assess supplier cyber risk., Implement **network segmentation** and **enhanced monitoring** for third-party access., Attend industry webinars (e.g., August 20, 2025 event) for real-world insights., Negotiate cheaper cyber insurance by demonstrating resilience.Use **SecurityScorecard** to assess supplier cyber risk., Implement **network segmentation** and **enhanced monitoring** for third-party access., Attend industry webinars (e.g., August 20, 2025 event) for real-world insights., Negotiate cheaper cyber insurance by demonstrating resilience.Use **SecurityScorecard** to assess supplier cyber risk., Implement **network segmentation** and **enhanced monitoring** for third-party access., Attend industry webinars (e.g., August 20, 2025 event) for real-world insights., Negotiate cheaper cyber insurance by demonstrating resilience.
Incident : data breach AIR1292412100725
Recommendations: Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Conduct regular security audits of third-party software providers, especially those handling customer data., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Monitor dark web markets for exposed customer data and proactively notify affected individuals., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices.Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Conduct regular security audits of third-party software providers, especially those handling customer data., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Monitor dark web markets for exposed customer data and proactively notify affected individuals., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices.Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Conduct regular security audits of third-party software providers, especially those handling customer data., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Monitor dark web markets for exposed customer data and proactively notify affected individuals., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices.Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Conduct regular security audits of third-party software providers, especially those handling customer data., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Monitor dark web markets for exposed customer data and proactively notify affected individuals., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices.Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Conduct regular security audits of third-party software providers, especially those handling customer data., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Monitor dark web markets for exposed customer data and proactively notify affected individuals., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices.Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Conduct regular security audits of third-party software providers, especially those handling customer data., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Monitor dark web markets for exposed customer data and proactively notify affected individuals., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Third-party customer service platforms are high-value targets due to weak security controls and rich personal data.,AI-powered impersonation (e.g., voice cloning, deepfakes) can bypass traditional human detection methods.,Loyalty program data and transaction histories are lucrative for cybercriminals, enabling targeted scams and identity fraud.,Rapid containment and customer communication are critical to mitigating reputational and operational damage.,Multi-factor authentication (MFA) and phishing-resistant methods are essential for both customers and service representatives.Proactive supply chain security is critical, with **one-third of breaches originating from third parties** (Verizon DBIR). Tools like **SecurityScorecard** can help identify high-risk suppliers months in advance.Third-party vendor risks must be rigorously assessed and mitigated, especially in high-target industries like aviation.,Social engineering attacks (e.g., Scattered Spider tactics) require robust employee training and verification protocols.,Public disclosure timing and transparency are critical to maintaining customer trust.,Complimentary credit monitoring may not suffice for long-term harm caused by PII exposure.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Monitor **dark web markets** for stolen data (e.g., loyalty points, PII) and proactively alert affected customers., Train customer service teams to recognize **AI-generated impersonations** and including voice cloning and deepfake red flags..
References
Where can I find more information about each incident ?
Incident : Data Breach AIR345080725
Source: BleepingComputer
Incident : Data Breach AIR414080825
Source: Tweakers
Incident : Data Breach AIR414080825
Source: Cybernews
Incident : Data Breach AIR541081825
Source: Fox News - CyberGuy Report
URL: https://www.foxnews.com/tech/air-france-klm-data-breach-hackers-access-customer-details
Incident : Data Breach AIR541081825
Source: Incode Technologies (Ricardo Amper, CEO)
Incident : Data Breach AIR541081825
Source: CyberGuy.com - Protection Tips
Incident : Supply Chain Breach (Anticipated) AIR625081925
Source: Verizon DBIR (Data Breach Investigations Report)
Incident : Supply Chain Breach (Anticipated) AIR625081925
Source: SecurityScorecard Webinar (August 20, 2025)
Incident : data breach AIR1292412100725
Source: Class action lawsuit filing (Southern District of New York)
Incident : data breach AIR1292412100725
Source: Air France-KLM Group public disclosure (August 2025)
Incident : data breach AIR1292412100725
Source: Unit 42 report on Scattered Spider targeting airlines
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputer, and Source: Tweakers, and Source: Cybernews, and Source: Fox News - CyberGuy ReportUrl: https://www.foxnews.com/tech/air-france-klm-data-breach-hackers-access-customer-details, and Source: Incode Technologies (Ricardo Amper, CEO), and Source: CyberGuy.com - Protection TipsUrl: https://www.cyberguy.com/, and Source: Verizon DBIR (Data Breach Investigations Report), and Source: SecurityScorecard Webinar (August 20, 2025)Url: https://lnkd.in/g6Rh5EQW, and Source: Class action lawsuit filing (Southern District of New York), and Source: Air France-KLM Group public disclosure (August 2025), and Source: Unit 42 report on Scattered Spider targeting airlines.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach AIR345080725
Investigation Status: Ongoing
Incident : Data Breach AIR541081825
Investigation Status: Ongoing (Authorities Notified, Containment Achieved)
Incident : data breach AIR1292412100725
Investigation Status: ['ongoing (class action lawsuit in progress)', 'no public details on technical investigation']
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notifying impacted individuals, Data breach notification letters sent to affected customers, Joint Public Statement, Direct Customer Notifications, Vigilance Advisories, Webinar (August 20, 2025), Supplier Risk Awareness, Public Disclosure In August 2025 and Customer Advisories (Likely).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach AIR345080725
Customer Advisories: Customers advised to be vigilant for suspicious emails or phone calls
Incident : Data Breach AIR414080825
Customer Advisories: Data breach notification letters sent
Incident : Data Breach AIR541081825
Stakeholder Advisories: Customers Advised To Enable Mfa, Monitor Accounts, And Watch For Phishing Attempts., Airlines Urged To Audit Third-Party Security And Enhance Employee Training On Ai Impersonation Risks..
Customer Advisories: Be vigilant for **phishing emails/phone calls** referencing recent flights or loyalty programs.Enable **multi-factor authentication (MFA)** on all accounts, especially airline and financial services.Monitor **loyalty program balances** and **bank statements** for unauthorized activity.Use **strong, unique passwords** and a **password manager** to prevent credential stuffing.Consider **identity theft protection** and **personal data removal services** to reduce exposure.Report suspicious activity to the airline and relevant authorities immediately.
Incident : Supply Chain Breach (Anticipated) AIR625081925
Stakeholder Advisories: Webinar For Supply Chain Security Best Practices..
Incident : data breach AIR1292412100725
Customer Advisories: complimentary credit monitoring offeredlikely notifications to affected passengers
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers advised to be vigilant for suspicious emails or phone calls, Data breach notification letters sent, Customers Advised To Enable Mfa, Monitor Accounts, And Watch For Phishing Attempts., Airlines Urged To Audit Third-Party Security And Enhance Employee Training On Ai Impersonation Risks., Be Vigilant For **Phishing Emails/Phone Calls** Referencing Recent Flights Or Loyalty Programs., Enable **Multi-Factor Authentication (Mfa)** On All Accounts, Especially Airline And Financial Services., Monitor **Loyalty Program Balances** And **Bank Statements** For Unauthorized Activity., Use **Strong, Unique Passwords** And A **Password Manager** To Prevent Credential Stuffing., Consider **Identity Theft Protection** And **Personal Data Removal Services** To Reduce Exposure., Report Suspicious Activity To The Airline And Relevant Authorities Immediately., , Webinar For Supply Chain Security Best Practices., Complimentary Credit Monitoring Offered, Likely Notifications To Affected Passengers and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach AIR414080825
Entry Point: Third-party service provider
Incident : Data Breach AIR541081825
Entry Point: Third-Party Customer Service Platform (Likely Salesforce)
High Value Targets: Customer Pii, Loyalty Program Data, Transaction Histories,
Data Sold on Dark Web: Customer Pii, Loyalty Program Data, Transaction Histories,
Incident : data breach AIR1292412100725
Entry Point: Compromised Salesforce Customer Support Software,
High Value Targets: Customer Pii, Frequent Flyer Data,
Data Sold on Dark Web: Customer Pii, Frequent Flyer Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach AIR345080725
Corrective Actions: Implemented measures to prevent recurrence
Incident : Data Breach AIR541081825
Root Causes: Over-Reliance On Third-Party Platforms With Inadequate Security Controls., Lack Of Preparedness For Ai-Powered Social Engineering Attacks (E.G., Voice Cloning)., Human Vulnerability In Customer Service Roles, Exploited Via Convincing Impersonations., Insufficient Segmentation Between Third-Party Systems And Core Airline Networks (Though Internal Systems Remained Secure).,
Corrective Actions: Terminated Attackers' Access And Secured The Compromised Platform., Implemented Additional Security Measures To Prevent Recurrence (Details Undisclosed)., Notified Regulatory Authorities In France And The Netherlands., Communicated Transparently With Affected Customers, Advising Vigilance., Likely Reviewing Third-Party Vendor Security Policies And Ai Fraud Detection Capabilities.,
Incident : Supply Chain Breach (Anticipated) AIR625081925
Root Causes: Third-Party Vulnerabilities (Per Verizon Dbir),
Corrective Actions: Supplier Risk Scoring (E.G., Securityscorecard), Proactive Monitoring,
Incident : data breach AIR1292412100725
Root Causes: Inadequate Cybersecurity Safeguards At Third-Party Vendor (Salesforce)., Lack Of Employee Training To Prevent Social Engineering Attacks (E.G., Scattered Spider Tactics)., Failure To Anticipate And Mitigate Risks Despite Prior Warnings (E.G., Qantas Breach In July 2025).,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External It Security Teams, Salesforce (Likely), , Yes, Securityscorecard, Cyber Rescue Alliance, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented measures to prevent recurrence, Terminated Attackers' Access And Secured The Compromised Platform., Implemented Additional Security Measures To Prevent Recurrence (Details Undisclosed)., Notified Regulatory Authorities In France And The Netherlands., Communicated Transparently With Affected Customers, Advising Vigilance., Likely Reviewing Third-Party Vendor Security Policies And Ai Fraud Detection Capabilities., , Supplier Risk Scoring (E.G., Securityscorecard), Proactive Monitoring, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unidentified (possibly Scattered Spider), ShinyHunters and Scattered Spider group (alleged)unknown cybercriminals.
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-08-mid.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer data, Full names, contact details, Flying Blue numbers and tier levels, subject lines of service request emails, Names, Emails, Phone Numbers, Loyalty Program Information, Recent Transactions, , full names, contact details, frequent flyer status, email subject lines of service requests and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was External Customer Service Platform (Salesforce-based) and Salesforce customer support software.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was external it security teams, salesforce (likely), , securityscorecard, cyber rescue alliance, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Cut off attackers' access, Corrective measures implemented and Immediate Access Revocation for AttackersIsolation of Affected Platform.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Full names, contact details, Flying Blue numbers and tier levels, subject lines of service request emails, Recent Transactions, frequent flyer status, Loyalty Program Information, Customer data, Names, full names, Emails, Phone Numbers, email subject lines of service requests and contact details.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was class action lawsuit (case number: 1:25-cv-07634), .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Complimentary credit monitoring may not suffice for long-term harm caused by PII exposure.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Encourage customers to use **unique passwords**, **password managers**, and **identity theft protection services**., Conduct **regular security audits** of third-party vendors, especially those handling sensitive customer data., Use **SecurityScorecard** to assess supplier cyber risk., Conduct regular security audits of third-party software providers, especially those handling customer data., Attend industry webinars (e.g., August 20, 2025 event) for real-world insights., Implement **network segmentation** and **enhanced monitoring** for third-party access., Establish a **dedicated incident response team** for third-party breaches, with clear escalation paths to law enforcement., Educate customers on **post-breach phishing risks**, including scams referencing real transactions or loyalty balances., Enhance **security controls on third-party platforms**, including behavioral analytics, anomaly detection, and strict access limits., Adopt **AI-driven fraud detection tools** to counter AI-powered attacks, creating a defensive 'AI arms race.', Monitor dark web markets for exposed customer data and proactively notify affected individuals., Enhance employee training to detect and prevent social engineering attacks (e.g., fake IT helpdesk calls)., Develop a more comprehensive incident response plan, including long-term support for affected customers (e.g., identity theft protection)., Train customer service teams to recognize **AI-generated impersonations**, including voice cloning and deepfake red flags., Deploy **personal data removal services** to reduce exposure of customer information on data broker sites., Implement **phishing-resistant MFA** (e.g., app-based, biometric, or security keys) for all customer-facing and internal systems., Implement multi-factor authentication (MFA) and stricter access controls for third-party vendors., Collaborate with industry peers (e.g., Qantas, other airlines) to share threat intelligence and best practices., Negotiate cheaper cyber insurance by demonstrating resilience., Monitor **dark web markets** for stolen data (e.g., loyalty points and PII) and proactively alert affected customers..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Verizon DBIR (Data Breach Investigations Report), Unit 42 report on Scattered Spider targeting airlines, Fox News - CyberGuy Report, CyberGuy.com - Protection Tips, Cybernews, Class action lawsuit filing (Southern District of New York), Incode Technologies (Ricardo Amper, CEO), Tweakers, BleepingComputer, SecurityScorecard Webinar (August 20, 2025) and Air France-KLM Group public disclosure (August 2025).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.foxnews.com/tech/air-france-klm-data-breach-hackers-access-customer-details, https://www.cyberguy.com/, https://lnkd.in/g6Rh5EQW .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers advised to enable MFA, monitor accounts, and watch for phishing attempts., Airlines urged to audit third-party security and enhance employee training on AI impersonation risks., Webinar for supply chain security best practices., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Customers advised to be vigilant for suspicious emails or phone calls, Data breach notification letters sent, Be vigilant for **phishing emails/phone calls** referencing recent flights or loyalty programs.Enable **multi-factor authentication (MFA)** on all accounts, especially airline and financial services.Monitor **loyalty program balances** and **bank statements** for unauthorized activity.Use **strong, unique passwords** and a **password manager** to prevent credential stuffing.Consider **identity theft protection** and **personal data removal services** to reduce exposure.Report suspicious activity to the airline and relevant authorities immediately. and complimentary credit monitoring offeredlikely notifications to affected passengers.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Third-Party Customer Service Platform (Likely Salesforce) and Third-party service provider.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Over-reliance on third-party platforms with inadequate security controls.Lack of preparedness for AI-powered social engineering attacks (e.g., voice cloning).Human vulnerability in customer service roles, exploited via convincing impersonations.Insufficient segmentation between third-party systems and core airline networks (though internal systems remained secure)., Third-party vulnerabilities (per Verizon DBIR), Inadequate cybersecurity safeguards at third-party vendor (Salesforce).Lack of employee training to prevent social engineering attacks (e.g., Scattered Spider tactics).Failure to anticipate and mitigate risks despite prior warnings (e.g., Qantas breach in July 2025)..
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Implemented measures to prevent recurrence, Terminated attackers' access and secured the compromised platform.Implemented additional security measures to prevent recurrence (details undisclosed).Notified regulatory authorities in France and the Netherlands.Communicated transparently with affected customers, advising vigilance.Likely reviewing third-party vendor security policies and AI fraud detection capabilities., Supplier risk scoring (e.g., SecurityScorecard)Proactive monitoring.
.png)
Latest Global CVEs (Not Company-Specific)
Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Description
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/FreePBX/framework/commit/04224253156543cd9932b90458660b2f19fc0e35#diff-72f14a52840a61504a8e03cd195035b44e488aecd634b001bc6412a04bdc940bR20-R50
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-9jvh-mv6x-w698
- https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=air-france' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
