Potential data leak exposes personal information of Air France and KLM clients due to security incident
In recent months, the cybercriminal group Scattered Spider has launched a series of attacks on several major airlines, including Air France and KLM, WestJet, Hawaiian Airlines, and Qantas. These attacks have involved social engineering, identity theft, and ransomware, often exploiting third-party service providers such as call centers to gain access to sensitive customer and employee information.
The group has been noted for phishing airline IT departments and contractors to obtain VPN and multi-factor authentication resets, leveraging trusted supply chain relationships to breach airline networks. Scattered Spider operates like a tech startup, recruiting skilled hackers and collaborating with other threat actors. Their tactics include impersonating IT staff, manipulating help desks, and deploying ransomware such as DragonForce.
Air France and KLM were specifically mentioned as part of the broader airline sector targeted by Scattered Spider in 2024–2025. The FBI and CISA issued warnings in mid-2025 about the group's active probing of airline service desks and contractor networks. These incidents caused operational disruptions or data leaks without necessarily stopping flights.
The cyberattack on Air France and KLM resulted in the theft of full names, contact details, Flying Blue numbers, and tier levels. However, passport data and payment card details were not compromised, and Flying Blue Miles balances and passwords remained secure. Unusual activity was detected on the third-party platform, and the subject lines of service request emails were also stolen.
Scattered Spider's activities highlight the importance of regular cybersecurity assessments and updates for airlines. The group has expanded its operations from retailers and insurers into the aviation industry since early 2024. There is also evidence suggesting coordination or overlap with another group called ShinyHunters, especially in simultaneous attack campaigns targeting aviation from June to August 2025.
The FBI has warned that Scattered Spider hackers have been increasing their targeting of airlines. Airlines should consider implementing stronger security measures to protect against impersonation and unauthorized access. The FBI's warning suggests that airlines should be vigilant against cyberattacks from Scattered Spider and other hacking groups.
Scattered Spider struck Qantas in early July 2025, and Hawaiian Airlines in late June. The group's methods could potentially be used by other hacking groups to target airlines in the future. Airlines are urged to take proactive measures to safeguard their systems and customer data from such threats.
- Scattered Spider, a notorious hacking group recognized for their operations in cybersecurity, data-and-cloud-computing, and technology, have been active in launching attacks on the aviation industry, particularly major airlines such as Air France and KLM, since early 2024.
- In the realm of data-and-cloud-computing, cybersecurity is of paramount importance for airlines, especially in the face of expanding operations from hacking groups like Scattered Spider, who have been increasingly targeting airlines and exploiting weaknesses in their systems.
