The Dutch carrier KLM has become the latest airline to be hit by a cyber breach after a third-party vendor, which supplies customer support software, was hacked by fraudsters.
Passengers who have recently been in contact with KLM’s customer service department could have had their personal data compromised, including their full name, contact details, and frequent flyer status, and the subject line of service request emails.
While KLM says more sensitive data like credit card information, passport numbers, and travel details were not involved in the data breach, the airline is still warning passengers to be on alert for criminals who could use their data to send scam emails.
Specifically, KLM is worried that the hackers could target passengers with a type of scam known as phishing, in which criminals send their victims an email that looks like it came from the airline.
Phishing scams normally try to get victims to click on a link within the email that will usually do one of two things:
- Clicking the link will install malware on the victim’s computer, which can then be used by hackers to view sensitive information like bank login data, etc.
- Or it will redirect passengers to a fake website designed to look like the airline’s own site, whereby passengers hand over personal detail which can then be used by the fraudsters.
In an email sent to affected passengers on Wednesday, the airline said: “If you receive unexpected messages or phone calls, especially asking for personal information or urging you to take action, please check their authenticity.”
Thankfully, KLM has a web page with a list of official, verified email addresses that it uses to contact passengers. The web page can be found here.
Be aware, though, that fraudsters often try to mimic official email addresses by making small changes that might not be immediately obvious, especially if you just quickly scan the address.
KLM advises customers to be especially cautious of emails that have:
- No personal salutation
- An urgent request to do something (such as click a link in the email)
- Poor grammar or spelling mistakes
- A link to an unknown website.
KLM has already notified the Dutch Data Protection Agency, or Autoriteit Persoonsgegevens, as it is known locally, about the breach, while Air France has already informed the French equivalent.
The airline has, however, refused to say how many passengers might be affected or when the breach occurred.
At the end of June, Australian airline Qantas announced that it had detected a massive cybersecurity incident involving a third-party vendor of customer service software, which involved six million passengers.
Hackers were able to steal personal details of millions of customers, including names, dates of birth, phone numbers, and frequent flyer numbers.
Weeks later, the airline confirmed that a potential hacker had been in contact, although it’s unclear whether the person had demanded a ransom to hand over the stolen data.
Last month, the FBI’s Cyber Division issued an urgent alert to companies across the aviation industry, warning that cyber criminals affiliated with the so-called ‘Scattered Spider’ group were targeting airlines.
The FBI said the fraudsters were often using social engineering techniques to fool IT help desks into granting them access to internal computer systems, allowing them to steal data or corrupt files.
British Airways was so worried about the potential for an attack that it accidentally locked hundreds of pilots and cabin crew out of key operational IT systems as it deployed new security protocols to counter the latest threat.
KLM says its operational systems were unaffected by the breach and that it has already introduced new security measures in response to the incident.
