Thousands of employees exposed as Korean Air compromised in Oracle breach
- Korean Air lost data on around 30,000 employees following KC&D supply chain breach
- Cl0p ransomware group leaked 500GB of archives, exposing names and bank account numbers
- The incident mirrors the MOVEit attack of 2023; Dozens of global companies breached via EBS
South Korean airline Korean Air reportedly lost sensitive data on tens of thousands of its employees after an attack on a catering company’s supply chain.
Local media reports that Korean Air Catering & Duty-Free (KC&D), a company that prepares in-flight meals for several airlines and manages duty-free retail sales for passengers, was using Oracle E-Business Suite (EBS) at the time the tool had a critical severity vulnerability.
The bug, identified as CVE-2025-61882, was discovered in early October this year, when some companies began receiving emails from hackers claiming to have used it to break in and steal data.
Cl0p takes responsibility
Oracle quickly released a patch, but the damage was already done. Cl0p ransomware operators took responsibility for the attack, and in the weeks and months following the news, several high-profile organizations confirmed they were victims of the attack.
Korean Air confirmed that during the supply chain attack it lost sensitive data on approximately 30,000 current and former employees. Compromised data includes full names and bank account numbers, putting them at risk of identity theft and fraud. Other information, such as emails, phone numbers or postal addresses, was apparently not compromised.
According to Security Week, Cl0p added KC&D to its site on November 21, disclosing nearly 500 GB of archives.
The Oracle E-Business Suite breach is similar in scale and damage to the MOVEit incident of 2023, in which hundreds of companies lost sensitive data on millions of people.
Dozens of breaches have been confirmed through EBS so far, including Envoy Air, Harvard University, University of Witwatersrand, Schneider Electric, Emerson, Cox Enterprises, Pan American Silver Corp, LKQ Corporation, GlobalLogic, Barts Health NHS Trust and Dartmouth College.
Cl0p, widely believed to be a Russia-linked extortion and ransomware group, has also been credited with the MOVEit attack. Its victims number in the dozens, and some notable names include Shutterfly, Hatch Bank, Rubrik, Community Health Systems, Saks Fifth Avenue, and Procter & Gamble.
Via Safety Week
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
