Thousands of employees exposed as Korean Air compromised in Oracle breach

Korean Air Data Breach: A Devastating Supply-Chain Attack

A recent supply-chain attack on Korean Air Catering & Duty-Free (KC&D), a company that provides in-flight meals and operates duty-free retail sales for multiple airlines, has resulted in the loss of sensitive data on approximately 30,000 current and former employees of Korean Air. The compromised data includes full names and bank account numbers, leaving those employees vulnerable to identity theft and fraud.

The attack, which was carried out by the Cl0p ransomware group, exploited a critical-severity vulnerability in Oracle’s E-Business Suite (EBS), tracked as CVE-2025-61882. This vulnerability was discovered in early October this year, and despite Oracle’s quick release of a fix, the damage had already been done. Cl0p, a Russian-nexus ransomware and extortion group, claimed responsibility for the attack and leaked almost 500 GB of archives, including sensitive data on Korean Air employees.

Cl0p’s Attack: A Familiar Pattern

Cl0p’s attack on KC&D is not an isolated incident. The group has been linked to several high-profile breaches, including the 2023 MOVEit attack, which affected hundreds of firms and exposed sensitive data on millions of people. The Oracle E-Business Suite breach is similar in scope and damage, with dozens of confirmed breaches, including Envoy Air, Harvard University, and Schneider Electric.

Cl0p’s modus operandi involves exploiting vulnerabilities in software and then leaking sensitive data to extort money from the affected companies. The group’s victims are counted in the dozens, and notable names include Shutterfly, Hatch Bank, and Procter & Gamble. The attack on KC&D is a stark reminder of the importance of cybersecurity and the need for companies to prioritize the protection of sensitive data.

Consequences and Implications

The breach has significant implications for Korean Air and its employees, who are now at risk of identity theft and fraud. The airline has confirmed that the compromised data includes full names and bank account numbers, but that other information, such as emails, phone numbers, or postal addresses, was not affected. The incident highlights the need for companies to invest in robust cybersecurity measures and to prioritize the protection of sensitive data.

As the threat landscape continues to evolve, it is essential for companies to stay vigilant and proactive in their approach to cybersecurity. This includes regularly updating software, implementing robust security protocols, and providing employees with training on cybersecurity best practices. By taking these steps, companies can reduce the risk of a breach and protect sensitive data.

Image Credit: www.techradar.com
