- LKQ confirmed it was affected by the Oracle E-Business Suite breach, which exposed the SSNs and EINs of about 9,000 people
- Cl0p is believed to be responsible and claims to have stolen terabytes of LKQ data via a CVE-2022-21587 exploit
- The incident adds to a growing list of EBS victims, including Envoy Air, Harvard, The Washington Post, Cox and Logitech
The list of companies breached through the Oracle E-Business Suite vulnerability continues to grow – with the latest organization to confirm an attack being US aftermarket auto parts and used original equipment company LKQ.
The company recently submitted a data breach notification form to the Office of the Maine Attorney General, saying it lost sensitive data on about 9,000 people, including people’s LKQ Employer Identification Numbers and Social Security Numbers.
The attack apparently took place on August 9, 2025, and was discovered on October 3, when LKQ launched an internal investigation. The investigation was completed on December 1, after which affected individuals and relevant government authorities were notified.
Cl0p steals terabytes
“There is no evidence of impact to LKQ’s systems beyond the Oracle E-Business Suite environment,” the company explained in the announcement.
As a result, LKQ strengthened its network security and offered free credit monitoring and identity recovery services through Cyberscout to affected individuals for two years.
It did not specify who the threat actors were or what they were after. However, it is widely known that Cl0p, a Russian-speaking group, was behind the E-Business Suite attacks. Curiously, according to Security Week, LKQ was the first company Cl0p listed on its data leak website as being breached through the E-Business Suite, but the company had not confirmed the claims until now.
Cl0p said it took several terabytes of files from LKQ’s EBS instances and shared them with the cybercriminal community.
Last summer, the ransomware actor exploited a critical vulnerability in Oracle E-Business Suite, most commonly associated with CVE-2022-21587, which allowed unauthorized remote code execution. This gave them access to user accounts, which they used to exfiltrate sensitive data. So far, there have been several confirmed cases of data theft, including Envoy Air, Harvard University, The Washington Post, Cox Enterprises and Logitech.
Via Information security Magazine



