Korean Air has disclosed that a significant data breach occurred involving its catering and duty-free supplier, which was formerly a division of the airline before being sold to a private equity firm. The supplier informed the airline that sensitive records for approximately 30,000 employees were stolen during a recent cyberattack. The stolen data includes personal details such as names and bank account information, though the airline emphasized that the breach did not extend to its customer databases.
This incident is linked to a broader cybercrime campaign targeting the Oracle E-Business Suite, where attackers exploited zero-day vulnerabilities to infiltrate the systems of over 100 organizations. While security researchers believe a cluster associated with the FIN11 threat group is behind the activity, the Cl0p ransomware group has claimed responsibility. The attackers have listed the catering supplier on their leak site and published hundreds of gigabytes of stolen data after ransom demands were likely ignored.
The catering company is just one of many victims in the aviation industry affected by this specific vulnerability. Other major entities, including American Airlines subsidiary Envoy Air, were also identified as targets in the same campaign. The impact of these breaches varies across the affected organizations, with some reporting limited exposure of staff data while others have seen the personal information of millions of individuals compromised.
The breach at Korean Air follows a similar report from Asiana Airlines, which recently announced that hackers may have accessed the records of about 10,000 of its employees. Although both major South Korean carriers are dealing with cybersecurity issues simultaneously, there is currently no evidence to suggest that the Asiana incident is connected to the Oracle software vulnerabilities. The situation highlights the ongoing risks posed to large enterprises through their third-party service providers and supply chains.
Security experts continue to monitor the Cl0p group’s leak site as more data from the 500-gigabyte archive is made public. The airline and its supplier are likely working with forensic teams to secure their systems and mitigate further risks to the affected personnel. This wave of attacks serves as a reminder of how enterprise management software can become a primary vector for large-scale data theft when zero-day vulnerabilities are exploited.
Source: Korean Air Data Compromised In Oracle EBS System Hack



