KLM Data Breach and Curaçao Government Orders Backup Overhaul

THE HAGUE/WILLEMSTAD--A wave of cybersecurity concerns is rippling across the region, as Dutch airline KLM confirmed a leak of customer data linked to a third-party platform, while the government of Curaçao has ordered all ministries to immediately migrate their data backups to Blue Nap Americas in response to escalating cyberattacks.

KLM disclosed on Wednesday that an external service provider used to manage customer support had been compromised, exposing the personal data of an undisclosed number of customers. The breach allowed unauthorized access to names, contact details, and Flying Blue rewards account numbers. Subject lines of service request emails and notes made by KLM’s customer service agents were also potentially exposed.

While the airline emphasized that no sensitive information—such as passwords, travel details, passport numbers, or credit card data—was accessed, it confirmed that it had reported the breach to the Dutch Data Protection Authority. Its sister airline, Air France, has taken similar steps in France. KLM declined to name the compromised platform or disclose how many users were affected, citing security concerns. Customers potentially impacted will be notified and advised to remain vigilant for suspicious emails or phone calls.

The incident adds to a growing list of digital threats now affecting not only corporations but critical public institutions as well. In Curaçao, several government bodies—including the Tax Office, Joint Court of Justice, Central Bureau of Statistics, and Aruba’s Parliament—have recently fallen victim to cyberattacks. The scope and severity of these incidents have prompted immediate action from the Ministry of Governance, Planning, and Service (BPD).

Minister Kimberley Lew-Jen-Tai described the situation as a full-scale security threat. In a sweeping directive issued this week, all ministries within Curaçao’s national cybersecurity framework have been ordered to migrate their data backups to Blue Nap Americas, a regional data center based in Curaçao known for its high-level digital infrastructure.

The directive outlines three urgent steps: assess current backup systems, carry out a mandatory migration to Blue Nap Americas, and submit a status report within ten days. The goal, according to Lew-Jen-Tai, is to harden government resilience against cyber threats and prevent loss of critical information.

‍