- Korean Air lost data of ~30,000 employees in KC&D supply chain breach
- Cl0p ransomware group leaked 500GB of files, exposing names and bank account numbers
- The incident mirrors the 2023 MOVEit attack; dozens of global companies have been confirmed as breached via EBS
South Korean airline Korean Air reportedly lost sensitive data on tens of thousands of its employees after a supply chain attack against a catering company.
Local media reports that Korean Air Catering & Duty-Free (KC&D), a company that prepares in-flight meals for multiple airlines and operates duty-free retail sales for passengers, was using Oracle E-Business Suite (EBS) at a time when the tool had a critical-severity vulnerability.
The bug, identified as CVE-2025-61882, was discovered in early October of this year, when some companies began receiving emails from hackers who claimed to have used it to enter and steal data.
Cl0p takes the blame
Oracle quickly released a fix, but the damage was already done. Ransomware operators Cl0p took responsibility for the attack, and in the weeks and months following the news, several high-profile organizations confirmed being victims of the attack.
Now, Korean Air has confirmed that it lost confidential data of approximately 30,000 current and former employees in the supply chain attack. The compromised data includes full names and bank account numbers, leaving them at risk of identity theft and fraud. Other information, such as emails, phone numbers or postal addresses, apparently was not compromised.
According to SecurityWeek, Cl0p added KC&D to its site on November 21, leaking almost 500 GB of files.
The Oracle E-Business Suite breach is similar in scope and damage to the 2023 MOVEit incident, in which hundreds of companies lost sensitive data of millions of people.
So far, there are dozens of breaches confirmed through EBS, including Envoy Air, Harvard University, University of the Witwatersrand, Schneider Electric, Emerson, Cox Enterprises, Pan American Silver Corp, LKQ Corporation, GlobalLogic, Barts Health NHS Trust and Dartmouth College.
Cl0p, widely considered a Russia-nexus ransomware and extortion group, was also blamed for the MOVEit attack. Its victims number in the dozens, and some notable names include Shutterfly, Hatch Bank, Rubrik, Community Health Systems, Saks Fifth Avenue, and Procter & Gamble.
Via SecurityWeek




