South Korean airline Korean Air has disclosed a data breach exposing 30,000 employee records following a cyberattack on its former subsidiary and current catering supplier, Korean Air Catering & Duty-Free (KC&D).
KC&D was originally a division of the airline, but it spun off and was sold to a private equity firm in 2020. In addition to Korean Air, KC&D serves many other major airlines from Asia and other parts of the world.
According to Korea JoongAng Daily, KC&D recently informed Korean Air that information belonging to the airline’s employees has been compromised.
Korean Air reportedly confirmed that hackers have stolen the information of roughly 30,000 of its current and former employees from KC&D, including names and bank account numbers. Customer data was not exposed, the airline said.
The disclosed incident is likely related to the recent Oracle E-Business Suite (EBS) campaign, in which cybercriminals exploited EBS zero-day vulnerabilities to gain access to data stored by more than 100 organizations in the enterprise management software.
While the campaign is believed to have been carried out by a cluster of the FIN11 threat group, the Cl0p ransomware group has publicly taken credit for the attack, naming victims on its Tor-based leak website and publishing data stolen from organizations that refused to pay a ransom.
KC&D was added to the Cl0p leak site on November 21, and the cybercriminals have since made public nearly 500 GB of archives containing files allegedly stolen from the company.
The Oracle EBS campaign has hit dozens of major organizations and KC&D is not the only victim in the aviation industry. American Airlines subsidiary Envoy Air was among the first confirmed victims.
While some of the organizations hit by the Oracle hack said the data breach was limited to employee information, others admitted that the personal information of millions of people was stolen from their systems.
News of the Korean Air data breach comes just days after another major South Korean airline, Asiana Airlines, reported that the information of approximately 10,000 employees may have been stolen by hackers. There is no indication that the Asiana cybersecurity incident is related to the Oracle EBS campaign.
Related: Auto Parts Giant LKQ Confirms Oracle EBS Breach
Related: Dartmouth College Confirms Data Theft in Oracle Hack
