Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Air France-KLM

Air France-KLM Vendor Cyber Rating & Cyber Score

airfranceklm.com

The leading group in terms of intercontinental traffic on departure from Europe, Air France-KLM is a major global air transport player. Its main businesses are passenger transportation, cargo transportation and aeronautical maintenance.


Air France-KLM A.I CyberSecurity Scoring

Air France-KLM
Company Information
Website:http://www.airfranceklm.com/en
Employees number:26,559
Number of followers:1,000
NAICS:481
Industry Type:Airlines and Aviation
Homepage:airfranceklm.com
Air France-KLM Risk Score (AI oriented)
Between 650 and 699
logo
Air France-KLMAirlines and Aviation
Updated:
04/04/2026
650/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Air France-KLM Global Score (TPRM)
xxxx
logo
Air France-KLMAirlines and Aviation
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Air France-KLM
Air France-KLMWeak
Current Score
650B (WEAK)
01000
3 incidents
-61 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
664Before Incident
JUNE 2026
664Before Incident
MAY 2026
655Before Incident
APRIL 2026
652Before Incident
MARCH 2026
651Before Incident
FEBRUARY 2026
648Before Incident
JANUARY 2026
646Before Incident
DECEMBER 2025
644Before Incident
NOVEMBER 2025
641Before Incident
OCTOBER 2025
639Before Incident
SEPTEMBER 2025
636Before Incident
AUGUST 2025
695Before Incident
Breach
18 Aug 2025Air France-KLM
Air France-KLM

Air France-KLM Customer Service Platform Data Breach

634After Incident
CRITICAL-61
AIR541081825
Air France and KLM suffered a data breach on their external customer service platform, where hackers gained unauthorized access to customer personal data, including names, emails, phone numbers, loyalty program details, and recent transactions. While no financial data was stolen, the exposed information remains highly valuable for cybercriminals, enabling AI-powered impersonation attacks, phishing, and fraudulent account takeovers. The breach was linked to the ShinyHunters hacker group, which exploited third-party vulnerabilities in Salesforce-based customer service systems. Authorities in France and the Netherlands were notified, and affected customers were advised to monitor for suspicious communications and fraudulent activity. The airlines confirmed that internal systems remained secure, but the incident highlights the growing risk of AI-driven social engineering attacks targeting customer support portals.
INCIDENT DETAILS -
TYPE
Data BreachSocial EngineeringAI-Powered Impersonation
MOTIVATION
Financial GainData MonetizationIdentity TheftLoyalty Program Fraud
IMPACT
NamesEmailsPhone NumbersLoyalty Program InformationRecent TransactionsExternal Customer Service Platform (Salesforce-based)Customer NotificationsEnhanced MonitoringSecurity Measures ImplementationPotential Erosion of TrustIncreased Scrutiny on Security PracticesHigh (Due to Personal Data Exposure)None (No Financial Details Stolen)
DATA BREACH
Personal Identifiable Information (PII)Loyalty Program DataTransaction HistoriesModerate to High (Enough for Impersonation and Targeted Scams)Data Exfiltration: YesNamesEmailsPhone NumbersLoyalty Program DetailsTransaction Records
JUNE 2025
754Before Incident
Breach
16 Jun 2025Air France-KLM
Air France

692After Incident
CRITICAL-62
AIR625081925
In a recent cybersecurity incident involving Air France, the airline fell victim to a third-party supply chain breach, a growing trend highlighted in the Verizon DBIR report (2025). The attack exploited vulnerabilities within one of Air France’s critical vendors, likely a supplier handling passenger data, booking systems, or operational logistics. While specifics remain undisclosed, the breach led to unauthorized access to customer personal and financial information, including booking details, payment records, and potentially frequent flyer accounts. The incident triggered regulatory scrutiny under GDPR, given the exposure of EU citizen data, and prompted Air France to initiate emergency containment protocols. Customers reported fraudulent transactions linked to compromised accounts, while the airline faced reputational damage due to media coverage and public distrust. Operational disruptions, such as delayed refunds or loyalty program freezes, further exacerbated the fallout. Air France’s cyber insurance premiums are expected to surge, reflecting heightened risk exposure. The breach underscores the cascading risks of supply chain vulnerabilities, where a single weak link in a vendor’s security posture can cripple a global enterprise.
INCIDENT DETAILS -
TYPE
Supply Chain Breach (Anticipated)Third-Party Risk Discussion
JULY 2023
763Before Incident
Cyber Attack
01 Jul 2023Air France-KLM
Air France

Air France Data Breach via Third-Party Vendor (Salesforce) Leading to Class Action Lawsuit

742After Incident
CRITICAL-21
AIR1292412100725
Air France suffered a cyber attack via a third-party vendor (Salesforce), compromising the personal data of tens of thousands of passengers, including full names, contact details, frequent flyer status, and email subject lines from service requests. While credit card or passport data was not accessed, the stolen information was allegedly sold on the dark web, exposing victims to identity theft and phishing scams. The breach, linked to the Scattered Spider hacking group, exploited social engineering tactics to infiltrate Air France’s customer support systems. A class-action lawsuit (filed in New York under 1:25-cv-07634) accuses the airline of negligent cybersecurity practices, failing to prevent, detect, or mitigate the breach despite prior warnings about aviation sector vulnerabilities. Although Air France offered complimentary credit monitoring, plaintiffs argue this does not address the long-term risks of fraud and privacy violations. The incident mirrors a similar attack on Qantas via the same Salesforce vulnerability in July 2023.
INCIDENT DETAILS -
TYPE
data breachthird-party breachclass action lawsuit
MOTIVATION
financial gain (data sold on dark web)identity theftphishing scams
IMPACT
full namescontact detailsfrequent flyer statusemail subject lines of service requestsSalesforce customer support softwareclass action lawsuit filed by Ethan Allison and Arya Soofianinegative publicityloss of customer trustlegal scrutinyclass action lawsuit (case number: 1:25-cv-07634)potential regulatory fineshigh (due to exposed PII)phishing scams targeting victimslow (no credit card or passport data accessed)
DATA BREACH
personally identifiable information (PII)customer service request metadataNumber Of Records Exposed: tens of thousandsmoderate (no financial or passport data, but PII exposed)data sold on the dark webcustomer support recordsemail metadatafull namescontact detailsfrequent flyer status

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Air France-KLM ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Air France-KLM's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Air France-KLM's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Air France-KLM ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Air France-KLM's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?