Air France-KLM said attackers gained unauthorized access to a third-party customer-service platform, exposing certain personal data belonging to an undisclosed number of Air France and KLM passengers. The company detected the intrusion on 6–7 August and has since blocked access, patched the vulnerability and alerted regulators, including France’s CNIL and the Dutch Data Protection Authority. Leaked information may include customers’ names, contact details, Flying Blue loyalty numbers and subjects of prior e-mail requests. The carrier stressed that no passwords, payment information, passport numbers, mileage balances or itinerary data were compromised and that its own IT systems were not touched. Potentially affected clients are being contacted individually and advised to remain vigilant for phishing e-mails or phone calls that could exploit the stolen data. Air France-KLM said it has strengthened safeguards to prevent a recurrence of the breach.