Korean Air skilled a data breach affecting 1000’s of staff after Korean Air Catering & Responsibility-Free (KC&D), its in-flight catering provider and former subsidiary, was not too long ago hacked.
Korea’s flag provider has over 20,000 staff, a fleet of over 160 plane, and has reported over $11 billion in income after carrying greater than 23 million passengers in 2024.
The airline issued an inside discover on Monday, disclosing a data breach after KC&D (which spun off as a separate in-flight meals and retail firm in 2020) notified it that it had been not too long ago hacked.
“Throughout this incident, private info (names, checking account numbers) of our staff saved within the firm’s ERP system on the affected servers was compromised,” Korean Air CEO Woo Kee-hong stated in an inside memo.
“Though this incident occurred throughout the administration area of an exterior accomplice firm spun off from us, the corporate views this matter with the utmost seriousness because it entails the knowledge of our staff.”
Though the corporate did not share additional particulars on what number of staff had their info stolen within the breach, native information shops report that the attackers exfiltrated roughly 30,000 knowledge information.
Korean Air has since reported the incident to the related authorities and, whereas it has but to search out proof that the stolen knowledge was used for fraud, it has suggested staff to be looking out for emails and messages impersonating the corporate.
“We’re presently focusing our efforts on figuring out the exact scope and targets of the leak. Up to now, no proof of further worker info leakage past the aforementioned objects has been recognized,” Kee-hong added.
“Nevertheless, to stop potential secondary harm, all staff are urged to train excessive warning concerning suspicious texts or emails requesting transfers impersonating the corporate or monetary establishments, or demanding security card numbers.”
Whereas Korean Air has but to attribute the assault, the Clop ransomware gang has claimed accountability for the KC&D assault in November and later revealed the allegedly stolen knowledge on its darkish internet leak web site, making it accessible for obtain through Torrent.
As a part of the identical collection of knowledge theft assaults, Clop compromised the Oracle EBS situations of dozens of victims worldwide, together with GlobalLogic, Logitech, Harvard College, the College of Pennsylvania, The Washington Publish, and the American Airways subsidiary Envoy Air, leaking the stolen knowledge on its leak web site.
Prior to now, the ransomware group was behind different knowledge theft campaigns focusing on GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Switch, and, most not too long ago, Gladinet CentreStack clients.
The U.S. Division of State now gives a $10 million bounty to anybody who can present any info tying Clop’s assaults to a overseas authorities.
A Korean Air spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier as we speak.
Damaged IAM is not simply an IT drawback – the influence ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM seems to be like, and a easy guidelines for constructing a scalable technique.
