TechRadar
Sead Fadilpašić

Thousands of employees exposed as Korean Air compromised in Oracle breach

  • Korean Air lost data on ~30,000 employees in KC&D supply-chain breach
  • Cl0p ransomware group leaked 500 GB of archives, exposing names and bank account numbers
  • Incident mirrors 2023 MOVEit attack; dozens of global firms confirmed breached through EBS

South Korean airline Korean Air reportedly lost sensitive data on tens of thousands of its employees after a supply-chain attack on a catering company.

Local media are reporting that Korean Air Catering & Duty-Free (KC&D), a company that prepares in-flight meals for multiple airlines and operates duty-free retail sales for passengers, was using Oracle E-Business Suite (EBS) at a time when the tool carried a critical-severity vulnerability.

The bug, tracked as CVE-2025-61882, was discovered in early October this year, when some companies started receiving emails from hackers claiming to have used it to break in and steal data.

Cl0p takes the blame

Oracle quickly released a fix, but the damage was already done. Ransomware operators Cl0p assumed responsibility for the attack, and in the weeks and months following the news, multiple high-level organizations confirmed falling victim to the attack.

Now, Korean Air has confirmed that in the supply-chain attack, it lost sensitive data on roughly 30,000 current and former employees. The compromised data includes full names and bank account numbers, leaving them at risk of identity theft and fraud. Other information, such as emails, phone numbers, or postal addresses, was apparently not compromised.

According to Security Week, Cl0p added KC&D to its site on November 21, leaking almost 500 GB of archives.

The Oracle E-Business Suite breach is similar in scope and damage to the 2023 MOVEit incident, in which hundreds of firms lost sensitive data on millions of people.

So far, there are dozens of confirmed breaches through EBS, including Envoy Air, Harvard University, University of Witwatersrand, Schneider Electric, Emerson, Cox Enterprises, Pan American Silver Corp, LKQ Corporation, GlobalLogic, Barts Health NHS Trust, and Dartmouth College.

Cl0p, widely considered to be a Russian‑nexus ransomware and extortion group, was also credited with the MOVEit attack. Its victims are counted in the dozens, and a few notable names include Shutterfly, Hatch Bank, Rubrik, Community Health Systems, Saks Fifth Avenue, and Procter & Gamble.

Via Security Week
