Korean Air says employee data exposed after supplier hack

Korean Air experienced a data breach after its in-flight catering supplier, Korean Air Catering & Duty-Free (KC&D), was hacked. The airline issued an internal notice on Monday saying that personal information in its ERP system, including employee names and bank account numbers, was compromised. A local news report by Korea JoongAng Daily said about 30,000 records were exfiltrated.

KEY FACTS

  • Incident: KC&D, an in-flight meals and retail supplier, was hacked
  • Exposed data: Employee names and bank account numbers in the airline ERP
  • Estimated scope: About 30,000 records reported
  • Timeline: Attack linked to activity in November and data later posted online

The internal notice said the breach involved personal information stored on affected servers in the company’s ERP environment. The airline is working to identify the precise scope and targets of the leak and has so far found no evidence that the stolen data has been used in fraud.

Stolen files associated with the incident later appeared on a criminal leak site, where the data entry linked to KC&D was made available for download via torrent. The incident forms part of a broader series of data thefts that targeted Oracle EBS instances and other enterprise file transfer products at multiple organisations worldwide.

Korean Air has reported the incident to relevant authorities and has asked KC&D to investigate the cause and implement measures to prevent recurrence. Employees were urged to be alert for texts or emails impersonating the company or financial institutions and to avoid transfer requests that seek security card numbers.

WHY IT MATTERS

The breach highlights risks when suppliers manage sensitive employee data and the potential for exposed records to be made publicly available. Affected employees may face increased phishing and fraud attempts if their data circulates online.