Thousands of employees were exposed because Korean Air was compromised in an Oracle breach

• Korean Air lost data on approximately 30,000 employees due to a KC&D supply chain breach
• Ransomware group Cl0p leaked 500GB archives, revealing names and bank account numbers
• The incident mirrors the MOVEit attack of 2023; Dozens of global companies have confirmed EBS breaches

South Korean airline Korean Air has reportedly lost sensitive data on tens of thousands of its employees following a supply chain attack on a catering company.

Local media reports that Korean Air Catering & Duty-Free (KC&D), a company that prepares in-flight meals for multiple airlines and operates duty-free retail sales for passengers, was using Oracle E-Business Suite (EBS) at the time the tool had a security vulnerability of critical severity.