- LKQ confirmed that it was affected by a breach of Oracle E-Business Suite, exposing the SSNs and EINs of approximately 9,000 people.
- Cl0p is believed to be responsible and claims that terabytes of data were stolen from LKQ using CVE-2022-21587.
- The incident joins a growing list of EBS victims, including Envoy Air, Harvard, The Washington Post, Cox and Logitech.
The list of companies affected by the Oracle E-Business Suite vulnerability continues to grow; The latest organization to confirm an attack is the American automotive spare parts and recycled original equipment company LKQ.
The company recently filed a data breach notification form with the Maine Attorney General’s Office, in which it said it lost sensitive data on about 9,000 people, including the individuals’ LKQ employer identification numbers and Social Security numbers.
The attack apparently took place on August 9, 2025 and was discovered on October 3, when LKQ launched an internal investigation, which concluded on December 1, after which affected individuals as well as relevant government agencies were notified.
Cl0p steals terabytes
“There is no evidence of impact on LKQ systems beyond the Oracle E-Business Suite environment,” the company explained in the notification.
As a result, LKQ strengthened its network security and offered free credit monitoring and identity restoration services through Cyberscout to affected individuals for two years.
He did not detail who the threat actors were or what they were looking for. However, everyone knows that Cl0p, a Russian-speaking group, was the one behind the attacks on E-Business Suite. Interestingly, according to Security Week, LKQ was the first company that Cl0p listed on its data breach website as a victim of a breach through E-Business Suite, but the company did not confirm the claims until now.
Cl0p said it took several terabytes of files from LKQ’s EBS instances and shared them with the cybercriminal community.
Last summer, the ransomware actor abused a critical vulnerability in Oracle E-Business Suite, most commonly linked to CVE-2022-21587, that allowed unauthenticated remote code execution. This gave them access to user accounts, which they used to extract sensitive data. So far, there have been several confirmed cases of data theft, including Envoy Air, Harvard University, The Washington Post, Cox Enterprises, and Logitech.
Through Infosecurity Magazine
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
