Some personal data of customers of the Flying Blue loyalty program that serves multiple airline firms have reportedly been compromised due to a security breach. The news emerged after Air France and KLM Royal Dutch Airlines alerted their customers affected by the said incident.
Partnered with different airline firms, Flying Blue is a loyalty program offering rewards to customers when they shop or travel with Air France, KLM, TAROM, Aircalin, Transavia, and Kenya Airways.
According to the released notification, suspicious behaviour from an unauthorised entity was detected linked to the affected users’ accounts. For preventive measures, the firms immediately implemented an incident response to prevent the malicious actors from further compromising the customers’ data.
Flying Blue loyalty program customers are advised to change their passwords.
Despite the management of the affected airlines implementing appropriate measures for the security incident, the Flying Blue loyalty program customers are still directed to change their passwords, especially those that received the breach notification.
Nevertheless, customers were assured that the infosec departments of the airline firms have been working to resolve the issue, adding that the suspicious activities were blocked in time.
Air France and KLM Royal Dutch Airlines also mentioned some of the data possibly compromised from the security breach incident, including customers’ full names, Flying Blue numbers and levels, “Miles” or loyalty points balances, phone numbers, email addresses, and latest transactions.
Customers, however, are assured that no credit card or payment information was exposed during the incident.
For now, the airline firms have locked the affected user accounts as a part of their incident response actions from the breach. These accounts could be unlocked from the Air France and KLM websites, where they could also change their passwords to a more secure ones.
The affected airline firms and the Flying Blue loyalty program gave no additional comments. It is highly recommended for users comply with the firms’ directions in securing their accounts to avoid potential threats from malicious actors.
