- Korean Air loses data of nearly 30,000 employees due to KC&D supply chain breach
- CL0P ransomware group releases 500GB file, leaks names and bank account numbers
- This incident is identical to the 2023 MOVEit attack. Dozens of global companies confirm EBS breaches
Korean Air reportedly lost sensitive data on thousands of employees in a supply chain attack through a catering company.
According to local media reports, Korean Air Catering & Duty Free (KC&D), which prepares in-flight meals for multiple airlines and manages duty-free retail for passengers, was using Oracle E-Business Suite (EBS), but the tool had high-risk vulnerabilities.
The vulnerability, tracked as CVE-2025-61882, was discovered in early October this year, and some companies began receiving emails from hackers claiming they were exploiting it to break in and steal data.
CL0P takes responsibility
Oracle quickly released a fix for the problem, but the damage was already done. The CL0P ransomware operators claimed responsibility for the attack, and in the weeks and months following the news, several large organizations confirmed that they were victims of the attack.
Korean Air admitted that a supply chain attack led to the loss of sensitive data of approximately 30,000 current and former employees. The compromised data includes names and bank account numbers, putting those affected at risk of identity theft and fraud. No other information, such as emails, phone numbers or addresses, appeared to have been compromised.
According to Security Weekly, CL0P added KC&D to its leak site on November 21 and leaked approximately 500 GB of files.
The scope and damage of the Oracle E-Business Suite hack is similar to the 2023 MOVEit incident, which caused hundreds of companies to lose millions of dollars in sensitive data.
To date, dozens of breaches tied to EBS have been confirmed, involving Envoy Air, Harvard University, University of the Witwatersrand, Schneider Electric, Emerson, Cox Enterprises, Pan American Silver Corp., LKQ Corporation, GlobalLogic, Barts Health NHS Trust and Dartmouth College.
CL0P, a ransomware group believed to be linked to Russia, is also believed to be behind the MOVEit attack. There were dozens of victims, and the well-known companies among them included Shutterfly, Hatch Bank, Rubrik, Community Health Systems, Saks Fifth Avenue and Procter & Gamble.