KLM Data Breach: Flying Blue Members Receive Email Notification Here's What Was Exposed

(MENAFN- Live Mint) KLM has reportedly confirmed that a data breach at an external customer service provider has resulted in the exposure of personal details of several customers, including those enrolled in its Flying Blue loyalty programme.

According to a report by Techzin , the breach involved unauthorised access to a third-party customer support platform used by both KLM and its partner airline, Air France. While KLM emphasised that sensitive information, such as passwords, travel dates, passport numbers, credit card details, and Flying Blue miles, was not compromised, the airline admitted that some personal data was indeed accessed.

Exposed data linked to customer support interactions

In a message to affected customers, KLM revealed that the compromised data may include first and last names, phone numbers, email addresses, Flying Blue membership numbers and status levels, as well as the subject lines of previous customer service requests, the report added. The breach reportedly affects those who had previously contacted the airline's customer support.

As per the publication, KLM clarified that its internal systems remained secure and were not impacted by the incident. The airline's IT security team, along with the external vendor, acted quickly to contain the breach and reinforce data protection protocols.

"This resulted in unauthorised access to customer data," said a KLM spokesperson. "Our dedicated teams, together with the third-party system involved, quickly took the necessary steps to address the situation and reinforce protective measures to prevent this from happening again."

Regulators notified in the Netherlands and France

The incident has been reported to relevant authorities, with KLM notifying the Dutch Data Protection Authority (Autoriteit Persoonsgegevens ), and Air France contacting the French data watchdog CNIL.

Though no critical financial or travel-related data was exposed, security experts warn that the stolen information could be exploited to craft convincing phishing messages or fraudulent communication, the report noted. KLM is urging its customers to be particularly cautious when receiving unexpected emails or phone calls requesting personal information or prompting urgent action.

This is not the first time KLM has faced data privacy concerns . In December 2023, Dutch broadcaster NOS reported that a flaw in KLM's SMS system allowed flight information to be accessed without proper authentication. Earlier the same year, another breach involving the Flying Blue programme had similarly exposed customer data.

KLM informs customers via email

In a communication to affected customers, as shared by a flyer on X, the airline expressed its regret. The message, signed by Barry ter Voert, Chief Experience Officer at KLM, read:

“We understand the concern this may cause, and we deeply regret any inconvenience this may have caused you.”

Affected individuals are being encouraged to stay alert and to report any suspicious activity to the KLM Customer Contact Centre.

MENAFN06082025007365015876ID1109894940