Air France-KLM, the Franco-Dutch multinational airline group, disclosed in August 2025 that their Salesforce CRM environment had been compromised as part of the ShinyHunters/Scattered Spider Salesforce social engineering campaign. Exposed data included customer names, email addresses, phone numbers, Flying Blue frequent flyer rewards details, and transaction history. Air France-KLM notified affected customers and filed notifications with French (CNIL) and Dutch (AP) data protection authorities. Part of the broader 2025 Salesforce campaign also affecting TransUnion (44M+), Cisco, Pandora, Chanel, Stellantis, and Farmers Insurance.