KLM and Air France experience data breach affecting millions of passengers

by Sypher | Published in News - August 11, 2025


Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Air France and KLM customers’ personal details exposed via data breach

cybernews.com • 6 min read

💥 European airlines Air France and KLM reported a data leak via an external customer service platform, exposing some Flying Blue members’ names, contact details, account numbers, and service request information to unauthorized access… read more
Additional insights here.

GPT-5 and privacy by design: Does OpenAI care?

luizasnewsletter.com • 3 min read

💡A look at GPT-5’s launch and the privacy-by-design concerns it raises, by Luiza Jarovsky, PhD… read more.
Additional information on the GPT-5 release.

A view from Brussels: The challenge of intimate privacy

iapp.org • 3 min read

☝️Isabelle Roccia of the International Association of Privacy Professionals (IAPP) explores how privacy 'in real life' ranges from courteous protections, such as airline photo policies, to serious lapses, such as medical centres exposing sensitive patient data… read more

Latest wave of obligations under the EU AI Act take effect: key considerations

technologyslegaledge.com • 9 min read

📜 This article summarises the key changes to the application of the EU AI Act that came into effect on 2 August 2025, including the operational launch of the AI Office and AI Board, as well as national oversight bodies. It also saw the introduction of initial obligations for general-purpose AI providers and the Act’s penalty regime for most violations ...  read more

When deletion becomes a breach: ICO fines Birthlink for destroying irreplaceable data

thelens.slaughterandmay.com • 3 min read

🚸 The UK Information Commissioner's Office (ICO) fined the Scottish charity Birthlink £18,000 for unlawfully destroying approximately 4,800 adoption records, including irreplaceable documents. This was due to poor policies, a lack of training and delayed reporting. This case highlights that excessive deletion can also breach the GDPR and cause serious personal harm… read more

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by David Syphers on Unsplash


Might we suggest

Article
Google & Shein hit with major fines, Agentic AI risks and Dutch DPA 2024 report
Article
CNIL updates cookie exemption rules for websites
Article
AI liability and data sovereignty under scrutiny