Air France-KLM A.I CyberSecurity Scoring
Air France-KLM
Company Information
Website:http://www.airfranceklm.com/en
Employees number:26,559
Number of followers:1,000
NAICS:481
Industry Type:Airlines and Aviation
Homepage:airfranceklm.com
Air France-KLM Risk Score (AI oriented)
Between 650 and 699
Air France-KLMAirlines and Aviation
Updated:
04/04/2026
04/04/2026
650/1000
Weak
B
Air France-KLM Global Score (TPRM)
xxxx
Air France-KLMAirlines and Aviation
Score locked

Air France-KLMWeak
Current Score
650B (WEAK)
01000
3 incidents
-61 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
664
JUNE 2026
664
MAY 2026
655
APRIL 2026
652
MARCH 2026
651
FEBRUARY 2026
648
JANUARY 2026
646
DECEMBER 2025
644
NOVEMBER 2025
641
OCTOBER 2025
639
SEPTEMBER 2025
636
AUGUST 2025
695
Breach
18 Aug 2025 • Air France-KLM
Air France-KLM
Air France-KLM Customer Service Platform Data Breach
634
CRITICAL-61
AIR541081825
Air France and KLM suffered a data breach on their external customer service platform, where hackers gained unauthorized access to customer personal data, including names, emails, phone numbers, loyalty program details, and recent transactions. While no financial data was stolen, the exposed information remains highly valuable for cybercriminals, enabling AI-powered impersonation attacks, phishing, and fraudulent account takeovers. The breach was linked to the ShinyHunters hacker group, which exploited third-party vulnerabilities in Salesforce-based customer service systems. Authorities in France and the Netherlands were notified, and affected customers were advised to monitor for suspicious communications and fraudulent activity. The airlines confirmed that internal systems remained secure, but the incident highlights the growing risk of AI-driven social engineering attacks targeting customer support portals.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2025
754
Breach
16 Jun 2025 • Air France-KLM
Air France
692
CRITICAL-62
AIR625081925
In a recent cybersecurity incident involving Air France, the airline fell victim to a third-party supply chain breach, a growing trend highlighted in the Verizon DBIR report (2025). The attack exploited vulnerabilities within one of Air France’s critical vendors, likely a supplier handling passenger data, booking systems, or operational logistics. While specifics remain undisclosed, the breach led to unauthorized access to customer personal and financial information, including booking details, payment records, and potentially frequent flyer accounts. The incident triggered regulatory scrutiny under GDPR, given the exposure of EU citizen data, and prompted Air France to initiate emergency containment protocols. Customers reported fraudulent transactions linked to compromised accounts, while the airline faced reputational damage due to media coverage and public distrust. Operational disruptions, such as delayed refunds or loyalty program freezes, further exacerbated the fallout. Air France’s cyber insurance premiums are expected to surge, reflecting heightened risk exposure. The breach underscores the cascading risks of supply chain vulnerabilities, where a single weak link in a vendor’s security posture can cripple a global enterprise.
INCIDENT DETAILS -
TYPE
REFERENCES
JULY 2023
763
Cyber Attack
01 Jul 2023 • Air France-KLM
Air France
Air France Data Breach via Third-Party Vendor (Salesforce) Leading to Class Action Lawsuit
742
CRITICAL-21
AIR1292412100725
Air France suffered a cyber attack via a third-party vendor (Salesforce), compromising the personal data of tens of thousands of passengers, including full names, contact details, frequent flyer status, and email subject lines from service requests. While credit card or passport data was not accessed, the stolen information was allegedly sold on the dark web, exposing victims to identity theft and phishing scams. The breach, linked to the Scattered Spider hacking group, exploited social engineering tactics to infiltrate Air France’s customer support systems. A class-action lawsuit (filed in New York under 1:25-cv-07634) accuses the airline of negligent cybersecurity practices, failing to prevent, detect, or mitigate the breach despite prior warnings about aviation sector vulnerabilities. Although Air France offered complimentary credit monitoring, plaintiffs argue this does not address the long-term risks of fraud and privacy violations. The incident mirrors a similar attack on Qantas via the same Salesforce vulnerability in July 2023.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Air France-KLM ??
What was Air France-KLM's A.I Rankiteo Cyber Score in June 2026 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in May 2026 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in April 2026 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in March 2026 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in February 2026 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in January 2026 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in December 2025 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in November 2025 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in October 2025 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in September 2025 ??
What was Air France-KLM's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Air France-KLM's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Air France-KLM ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Air France-KLM's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?