TORONTO — Air France and KLM have confirmed a data breach that involved customers’ personal data.

As reported by Forbes, KLM sent an email to customers last week informing them that a fraudster had “gained limited access to a third-party system” used by the airline. Though credit card details, passport numbers, Flying Blue Miles balances, passwords and booking information were not involved in the breach, personal data were exposed. This may have included names, contact details, Flying Blue numbers and tier levels and subject lines in service request emails.

According to the email sent, KLM has reported the incident to the Dutch Data Protection Authority. The airline warns that the impacted data could be used to make phishing messages appear more credible, and encourages customers to stay alert and check all unexpected messages and phone calls for authenticity.

Profession Voyages, Travelweek Group’s French-language travel trade news source, reached out to the carriers, which confirmed that enhanced protection measures have since been deployed to prevent such an incident from happening again.

“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, in collaboration with the service provider, to quickly implement corrective measures to end the incident,” they told the French outlet.

Air France and KLM regret this situation. For more information or to report an issue, contact mail.databreach@airfrance.fr or mail.databreach@klm.com.