Air France customers warned after cyberattack, phishing scams expected

Data including frequent flyer account information was stolen in data breach

The data breach has been reported to France’s Civil Liberties commission
Published

French flag carrier Air France is warning travellers after a data breach led to the personal information of passengers being taken. 

Scammers managed to get access to a database operated by a third-party, the airline said. 

“Our IT security teams, in collaboration with the service provider concerned, quickly took the necessary steps to remedy the situation and strengthened protective measures to prevent this from happening again,” said the airline in a statement.

The breach was reported to France’s Commission nationale de l’informatique et des libertés (CNIL) that deals with data protection.

Information including names, contact information (email address and phone number), Flying Blue [the airline’s frequent flyer service] number and email requests from passengers to Air France may have been compromised.

However, sensitive data such as bank card information, passport details, Flying Blue mileage points, booking information, and passwords were not taken, the company said.

It is not known how many passengers have been affected by the breach.

While the information taken does not allow scammers direct access to travellers’ accounts with the airline, passengers are warned to be more vigilant in the coming weeks to ‘phishing’ scams using the information made available. 

“We recommend that you be vigilant regarding any unusual communication that may contain your personal information… The data involved in this breach could be used to make hacking messages more credible,” said the airline. 

It also urged passengers to verify that a message was legitimate before responding to it. 

This can include by hanging up (if receiving a call) or ignoring a text or email and then contacting the airline/bank/company directly about the contents of the correspondence, to confirm it was legitimate. 

The usual warnings also apply – do not give any personal information online to a person that has contacted you, and if someone is pressuring you into doing something, it is likely a scam.