AMSTERDAM--Royal Dutch Airlines KLM confirmed on Wednesday that its customers were affected by a leak of personal data, blaming an issue with an external platform used to manage customer service.
As a result, it was possible for hackers to gain unauthorised access to the personal information of an unknown number of customers, KLM said in a statement.
Customer names, contact details and account numbers from the Flying Blue rewards programme may have been illicitly viewed or captured due to the leak. Cybercriminals may also have accessed the subject lines of service request e-mails, and the notes made by KLM customer service representatives.
KLM has reported the breach to the Dutch privacy watchdog AP.
KLM’s sister airline, Air France, has done the same with the authorities in France.
Customers whose data may have been accessed will be notified and they will also be advised to be alert for suspicious e-mails or phone calls, KLM said.
KLM did not disclose the number of affected customers and, when asked by reporters, a KLM spokesperson said they could not provide any details. For “security reasons”, the airline also declined to disclose which external platform was involved.
No other sensitive data was stolen, such as passwords, travel details, Flying Blue miles, passport information or credit card data, KLM said. The airline’s internal systems, as well as those of Air France, were not affected.
Other companies have also reportedly been affected by the leak. According to KLM, immediate action was taken together with the external platform to stop the unauthorised access.
