KLM Air­lines has writ­ten to cus­tomers warn­ing that a fraud­ster gained ac­cess to per­son­al da­ta through a third-par­ty sys­tem used by the air­line.

In an email to af­fect­ed pas­sen­gers, the com­pa­ny said cred­it card num­bers, pass­port de­tails and book­ing in­for­ma­tion were not ex­posed. How­ev­er, the breach did com­pro­mise da­ta shared in ear­li­er cus­tomer ser­vice in­ter­ac­tions.

“We have con­firmed that some of your per­son­al da­ta were ex­posed by this breach,” the email read. “These re­late to your ear­li­er con­tact with our cus­tomer ser­vice and may in­clude: your first name, your fam­i­ly name, your con­tact de­tails, your Fly­ing Blue num­ber and tier lev­el, the sub­ject line of ser­vice re­quest emails [and] re­marks made by our cus­tomer ser­vice agents.”