Automotive parts giant LKQ Corporation has confirmed that it has been impacted by the recent cybercrime campaign targeting customers of the Oracle E-Business Suite (EBS) solution.
The Fortune 500 company provides recycled, refurbished, and aftermarket components for cars and other types of vehicles.
LKQ was one of the first victims of the Oracle EBS hack named on the Cl0p ransomware website, where the cybercriminals behind the campaign have been listing targeted organizations.
SecurityWeek reached out to LKQ for comment multiple times since it was named on the Cl0p website in late October, but the company has not responded.
LKQ has now finally confirmed that it was targeted in the EBS campaign. The firm told the Maine Attorney General’s Office that the personal information of more than 9,000 individuals was compromised in the attack.
Based on the notification letter example submitted by the company to the Maine AGO, the incident impacts sole proprietor suppliers, including information such as Employer Identification Number and SSN.
The automotive parts distributor launched an investigation on October 3 and completed its analysis into personal information compromise on December 1.
“There is no evidence of impact to LKQ’s systems beyond the Oracle E-Business Suite environment,” the company is telling impacted individuals in a data breach notice.
Several terabytes of files allegedly stolen from LKQ’s EBS instance have been made available for download by the cybercriminals.
This is not the first time LKQ has been targeted by hackers. Exactly one year ago, the company revealed that a cyberattack had caused disruptions at a Canadian business unit.
Over 100 organizations targeted in Oracle EBS hack
The Cl0p ransomware website currently lists more than 100 alleged victims of the Oracle EBS hacking campaign. For a vast majority of these organizations, the cybercriminals have leaked data allegedly stolen from their systems.
Many major companies named on the Cl0p leak site have yet to issue a public statement on the matter. The cybercriminals typically do not name victims without cause, but the impact of their attack may be exaggerated.
The list of major companies that have confirmed impact includes Logitech, Canon, Cox, Mazda, and several important US colleges.
Related: NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims
Related: Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack
Related: CISA Confirms Exploitation of Latest Oracle EBS Vulnerability
