Korean Air Data Breach: Thousands of Employee Records Exposed

Summary

– Korean Air suffered a data breach after its former subsidiary and catering supplier, KC&D, was hacked, compromising employee personal information like names and bank account numbers.
– The airline has reported the incident to authorities and advised employees to be vigilant against fraudulent communications, though no misuse of the data has been confirmed yet.
– The Clop ransomware gang claimed responsibility for the KC&D attack, later publishing the stolen data online and linking it to a broader global campaign.
– As part of the same attack series, Clop compromised numerous other organizations worldwide, including universities, media outlets, and airlines.
– The U.S. Department of State is offering a $10 million reward for information linking Clop’s activities to a foreign government.

A significant data breach at Korean Air has compromised the personal information of thousands of its employees. The incident originated not within the airline’s own systems, but at its former subsidiary and current supplier, Korean Air Catering & Duty-Free (KC&D). The catering company, which spun off in 2020, recently notified the airline that it had suffered a cyberattack, leading to the exposure of sensitive employee data stored on its servers.

The airline’s CEO, Woo Kee-hong, confirmed the breach in an internal memo, stating that compromised information includes employee names and bank account numbers. This data was held within KC&D’s enterprise resource planning (ERP) system. While Korean Air has not released an official count of affected individuals, reports from local media suggest the attackers obtained roughly 30,000 records. The company, which operates a fleet of over 160 aircraft and reported revenues exceeding $11 billion last year, emphasized the seriousness of the incident despite it occurring at an external partner.

In response, Korean Air has reported the breach to the appropriate authorities. Although no evidence has surfaced yet of the stolen data being used for fraudulent purposes, the airline has proactively warned its staff to be vigilant. Employees are advised to scrutinize any suspicious communications, particularly emails or messages that impersonate the company or financial institutions to request transfers or security information.

The company has formally demanded that KC&D conduct a comprehensive investigation into the attack’s cause and enact stronger security measures to prevent future incidents. A spokesperson for Korean Air reiterated the airline’s commitment to enforcing its own stringent internal data security protocols. The internal investigation is ongoing, with efforts focused on precisely determining the full scope and specific targets of the data leak.

While Korean Air has not officially named the perpetrators, the Clop ransomware gang has publicly claimed responsibility for the KC&D attack. The group listed the catering company on its dark web leak site in November and later published the allegedly stolen data, making it available for download. This attack is part of a broader campaign by Clop, which has previously compromised numerous organizations worldwide by exploiting vulnerabilities in software like MOVEit Transfer and Accellion FTA.

Notable victims in this same series of attacks include major corporations and institutions such as Logitech, Harvard University, and The Washington Post. The group’s continued activity has drawn significant attention from law enforcement; the U.S. Department of State is currently offering a reward of up to $10 million for information linking Clop’s operations to a foreign government. This incident underscores the persistent and far-reaching threat posed by sophisticated ransomware groups to global supply chains and partner networks.

(Source: Bleeping Computer)
