- Korean Air lost data on ~30,000 employees in KC&D supply chain breach
- Cl0p ransomware group leaked 500GB of archives, revealing names and bank account numbers
- Event mirrors 2023 MOVEit attack; dozens of global companies confirmed breached through EBS
South Korean airline Korean Air reportedly lost sensitive data on tens of thousands of its employees after a supply chain attack on a catering company.
Local media report that Korean Air Catering & Duty-Free (KC&D), a company that prepares in-flight meals for several airlines and operates duty-free retail sales to passengers, was running Oracle E-Business Suite (EBS) at a time when the software had a critical vulnerability.
The flaw, tracked as CVE-2025-61882, was discovered in early October this year when some companies started receiving emails from hackers who claimed to have used it to break in and steal data.
Cl0p takes the blame
Oracle quickly released a fix, but the damage was already done. Ransomware operators Cl0p claimed responsibility for the attack, and in the weeks and months following the news, several high-profile organizations confirmed they were victims of the attack.
Now, Korean Air has confirmed that it lost sensitive data on around 30,000 current and former employees in the supply chain attack. The compromised data includes full names and bank account numbers, putting those affected at risk of identity theft and fraud. Other information, such as emails, phone numbers or postal addresses, did not appear to be compromised.
According to SecurityWeek, Cl0p added KC&D to its site on November 21 and leaked nearly 500GB of archives.
The Oracle E-Business Suite breach is similar in scope and damage to the 2023 MOVEit incident, where hundreds of companies lost sensitive data on millions of people.
So far, there are dozens of confirmed breaches through EBS, including Envoy Air, Harvard University, University of Witwatersrand, Schneider Electric, Emerson, Cox Enterprises, Pan American Silver Corp, LKQ Corporation, GlobalLogic, Barts Health NHS Trust and Dartmouth College.
Cl0p, widely believed to be a Russian-nexus ransomware and extortion group, was also credited with the MOVEit attack. Its victims number in the dozens, and a few notable names include Shutterfly, Hatch Bank, Rubrik, Community Health Systems, Saks Fifth Avenue, and Procter & Gamble.
Via SecurityWeek



