AI impersonation attacks are a new threat to airlines, using fake voices and profiles to trick customer service agents and steal personal data. Recently, attackers used these AI tricks to break into Air France and KLM’s third-party support system, exposing names, emails, and loyalty numbers but not payment or travel info. The attacks are rising fast, with cheap voice-cloning tools and more phishing attempts than ever. Airlines are fighting back with strict checks on partners, high-tech monitoring, and training staff to spot scams. Passengers are urged to be cautious about suspicious messages and check their accounts for strange activity.
What are AI impersonation attacks and how are they threatening aviation’s supply chain?
AI impersonation attacks use deepfake voices, synthetic LinkedIn profiles, and machine-generated phishing scripts to trick airline customer service agents, compromising personal data such as names, emails, and loyalty numbers. These attacks target third-party systems, exposing aviation supply chains to significant cybersecurity risks.
In August 2025, Air France and KLM quietly joined a growing list of airlines forced to admit that an outside partner – not their own servers – had let attackers slip through. A compromised external customer service platform connected to both carriers gave cyber-criminals access to personal information on an as-yet-undisclosed number of passengers.
The attackers, linked by investigators to the ShinyHunters* * collective, did not need to break core reservation systems. Instead they relied on AI-driven impersonation** – a cocktail of deepfake voices, synthetic LinkedIn profiles and machine-written phishing scripts – to trick support agents into handing over credentials or resetting account access.
What was taken – and what was not
| Data category | Status |
|---|---|
| names, e-mails, phone numbers | *Compromised * |
| Flying Blue numbers & tier status | *Compromised * |
| subject lines of recent customer queries | *Compromised * |
| payment card data, passwords, passport numbers | Not touched |
| travel itineraries, loyalty point balances | Not touched |
Sources: BleepingComputer, Centraleyes
The AI impersonation playbook in 2025
Security researchers tracking ShinyHunters say the group is part of a broader trend:
- 82 % of phishing attempts now include AI-generated text, up from 44 % in 2024 (SQ Magazine statistics).
- Voice-cloning kits capable of reproducing a CEO’s speech pattern now cost USD 15/month on dark-web markets (UC Berkeley CLTC report).
- Deepfake video impersonation was reported by 37 % of Fortune 500 companies during H1-2025.
The process is deceptively simple:
1. AI scrapes public LinkedIn profiles to learn tone, jargon and travel habits.
2. A synthetic voice places a “forgotten password” call to the customer-service desk.
3. Once inside the vendor’s dashboard, attackers pull down loyalty-program CSV files in minutes.
How the industry is fighting back
Major carriers are responding with a three-layer defence aimed squarely at third-party risk:
| Layer | Examples adopted in 2025 |
|---|---|
| *Governance * | mandatory ISO 27001 certification for all CRM vendors, quarterly penetration tests |
| *Technology * | machine-learning risk-scoring of every supplier login, real-time blockchain audit trails |
| *Culture * | quarterly phishing drills for call-centre agents using the same AI tools attackers deploy |
Documents from the Aerospace Industries Association (full PDF) show Emirates and Etihad piloting this exact framework.
What passengers should do now
Air France and KLM began e-mailing affected customers on 6 August 2025 with straightforward advice:
- Change your Flying Blue password even though passwords were not stolen (in case future phishing succeeds).
- Question every call, text or e-mail that mentions “account verification” – especially if it quotes correct loyalty numbers.
- Check your account for unauthorised changes to seat preferences or redemption history – a common early red flag.
Both airlines have opened 24/7 hotlines using live human agents only to avoid AI-spoofed call centres.
The bigger picture
The breach is one of twenty-seven major ransomware or data-theft incidents aimed at aviation suppliers between January and April 2025, according to Thales telemetry. With each aircraft depending on 25 000+ suppliers, the sector’s weakest link is no longer the cockpit firewall; it is the CRM plug-in that answers “How do I change my seat?” at 2 a.m.
How did the August 2025 breach at Air France and KLM unfold?
In late July 2025, attackers gained access to a third-party customer-service platform that Air France and KLM use for handling customer inquiries. The platform- reportedly built on Salesforce- was compromised through a combination of social engineering and AI-driven impersonation that fooled customer-support staff into granting access. Once inside, the attackers extracted customer contact data, Flying Blue loyalty-program numbers and status, and recent transaction subject lines.
- No passwords, payment-card data, passports or full itineraries were accessed.
- Internal airline networks and aircraft systems remained unaffected, isolating the breach to the external platform only.
- Evidence points to the ShinyHunters hacking group leveraging AI to automate and scale the impersonation tactics.
What exactly was stolen, and how serious is it?
The exposed data includes names, email addresses, phone numbers, Flying Blue membership numbers and tier status, and recent transaction subject lines. While no financial or highly sensitive data was taken, the information is highly valuable for crafting believable phishing campaigns:
- 72 % open rate for AI-generated phishing emails in 2025 (source: SQ Magazine).
- 37 % of large corporations reported deepfake voice-impersonation attempts last year.
- Attackers can now clone a voice with as little as one hour of public audio (UC Berkeley CLTC).
How are airlines tightening third-party security after the incident?
Both carriers immediately cut off attacker access, notified regulators in France and the Netherlands, and warned affected customers. Across the industry, airlines are rolling out a multi-layered security program:
- Minimum cyber requirements for every supplier, backed by onboarding certifications.
- Flow-down of cybersecurity clauses to all tiers of suppliers.
- AI-driven monitoring with machine-learning risk scoring and real-time threat-intelligence feeds.
- Blockchain records and Software Bill of Materials (SBOMs) for rapid vulnerability management.
- Cross-departmental training to spot social-engineering red flags.
What should affected customers do right now?
Customers reached by Air France and KLM have been advised to:
- Review all unsolicited emails or phone calls that mention loyalty-program upgrades or urgent account issues.
- Enable two-factor authentication on Flying Blue and email accounts.
- Check recent transaction history for unrecognized activity.
- Forward suspicious messages to the airline’s security team instead of clicking links or calling numbers provided.
Why is aviation an especially juicy target for AI-driven supply-chain attacks?
A single wide-body jet can rely on more than 25,000 suppliers, creating a sprawling attack surface. In 2025 the sector saw a 600 % year-on-year rise in cyberattacks, with 27 major ransomware incidents in just 16 months (Thales Group). Because reservation, cargo, loyalty and maintenance systems often share data through external platforms, one compromised vendor can ripple across entire fleets, making third-party risk management the industry’s top cybersecurity priority for 2025 and beyond.
