Air France And KLM Pwned In Supply Chain Attack
Air France and KLM have disclosed that threat actors had breached a customer service platform and stolen the data of an undisclosed number of customers via a supply chain attack:
The companies, both owned by the same airline holding firm, sent out data breach notification letters to affected customers, and in a statement shared with Tweakers, KLM said the incident happened when threat actors broke into a third-party service provider.
“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the company also told Cybernews.
Lidia Lopez, Strategic Research Team Lead at Outpost24, has provided the following commentary:
“The disclosure from Air France-KLM adds to a growing list of organizations affected by a highly targeted voice phishing (vishing) campaign exploiting Salesforce environments. First reported in March 2025 and escalating in June, these attacks have now impacted companies across Europe and the US, including Adidas, Allianz Life, Chanel, Pandora, LVMH subsidiaries, Qantas — and most recently, Google.”
“The threat group uses a phone-based social engineering scheme impersonating IT help desks to trick employees into handing over credentials or installing malicious Salesforce tools. Victims are then extorted weeks or months later by the threat group, often self-identified as ShinyHunters, with threats of public data leaks unless a Bitcoin ransom is paid.”
“This campaign reflects a broader shift: as technical defenses improve, attackers are turning to more personal, psychological methods – a trend underscored by a 442% rise in vishing attacks in 2024 alone.”
“To reduce risk, organizations should enforce SSO, monitor login activity, restrict software installs on endpoints, and apply strict access controls. These simple steps can drastically reduce both the likelihood and impact of attacks.”
This again illustrates the fact that supply chain attacks are “the new hotness” for threat actors. Which means that you as an organization need to ensure that your partners are as secure as possible so that you don’t end up like these guys. Because getting pwned like this affects real people such as yours truly who flew to and from France in 2023. Which means that my personal info might be in the wild.
This entry was posted on August 8, 2025 at 1:42 pm and is filed under Commentary with tags Hacked.