Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached.
Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards.
“Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account. We have immediately implemented corrective action to prevent further exposure of your data,” notifications sent to affected customers said.
“Our Information Security department is taking actions to prevent any suspicious activity with regard to your account.”
KLM’s official Twitter account confirmed the attack and told one of the impacted customers that “the attack was blocked in time and no miles were charged.”
“I do however invite you to change your Flying Blue-password via the Flying Blue-website,” KLM said.
This followed reports [1, 2, 3] across social media networks from customers who have received the breach notifications.
The list of potentially compromised data includes their names, email addresses, phone numbers, latest transactions, and Flying Blue information like their earned miles balance.
The breach alerts added that this incident did not expose customers’ credit card or payment information.
Affected customers were also warned that their accounts had been locked due to the breach and that they must go to the KLM and Air France websites to change their passwords.
KLM and Air France didn’t reply to requests for comment when BleepingComputer reached out earlier today.