Ransomware victim disclosure
← All victimsAir France & KLM
Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- France
- Sector
- Transportation/Logistics
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileAir France and KLM are two major European airlines operating under the Air France-KLM Group holding company, headquartered in France and the Netherlands respectively. Together they provide passenger and cargo services across major domestic and international routes worldwide. The group operates the 'Flying Blue' frequent-flyer loyalty programme and serves tens of millions of passengers annually.
- Industry
- Commercial Aviation & Airline Services
- Employees
- 80000-100000
- Founded
- 1919
Attack summary
Severity: medium — Data is marked as published by a known and prolific threat actor (ShinyHunters), which elevates credibility above a mere listing; however, the leak post provides no specifics on data type, volume, or proof files, and the post content appears AI-generated with no verifiable technical detail, preventing a higher severity classification.ShinyHunters claims to have obtained data related to Air France & KLM, with the disclosure status recorded as data_published; however, the leak post contains no specific claims about encryption, exfiltration volume, or the nature of data stolen.
Original description
AI-summarised, not from the leak postAir France & KLM is an international airline partnership under the parent company Air France-KLM Group. Based respectively in France and Netherlands, the airlines provide passenger and cargo services globally. Offering premium and economy services, they operate in major domestic and international routes. The brands stand for comfort, reliability, and customer service. The loyalty programme 'Flying Blue' rewards frequent flyers.
Sources
- Leak posthttps://breachforums.hn//afkl.html
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

