

Ethical Hacking News

Korean Air Discloses Data Breach After Catering Supplier Hack, Revealing Thousands of Employee Personal Details




South Korea's flag carrier Korean Air has disclosed a data breach after its catering supplier was hacked. The breach exposed personal details of around 30,000 employees of Korean Air.



  • Korean Air disclosed a data breach after its catering supplier, Korean Air Catering & Duty-Free (KC&D), was hacked.
  • The breach exposed personal details of around 30,000 employees of Korean Air.
  • The airline has taken emergency security measures, reported the incident to authorities, and is working to identify the full scope of the breach.
  • The breach is believed to have been carried out by the Clop ransomware group, which has claimed responsibility for the KC&D attack in November.



    Korean Air, South Korea's flag carrier and one of the largest airlines in Asia, has disclosed a data breach after its catering supplier, Korean Air Catering & Duty-Free (KC&D), was hacked. The breach, which occurred in November, exposed personal details of around 30,000 employees of Korean Air.

    The airline, operating passenger and cargo services worldwide, employs approximately 18,000-20,000 people globally and serves destinations across multiple continents. In 2024, it carried over 23 million passengers, and as of 2025, it has transported more than 16 million passengers so far. The airline operates a large modern fleet and has hubs at Seoul's major airports, connecting numerous international and domestic routes.

    According to an internal notice posted on December 29, 2025, Korean Air Catering & Duty-Free (KC&D) informed the airline of a security breach involving personal data belonging to its employees. KC&D is an in-flight meal and in-flight sales company that was spun off from Korean Air in 2020 and operates as a separate entity.

    The notice stated that during the hacking process, the personal information (names, account numbers) of Korean Air's employees stored on KC&D Service's ERP server was leaked. The incident occurred within the management scope of an external partner company that was spun off and sold. However, Korean Air takes this matter very seriously as it involves employee data.

    Upon learning of the breach, Korean Air implemented emergency security measures, reported the incident to authorities, and is working to identify the full scope of the breach and who was affected. The airline confirmed no additional employee data has been leaked but warned staff to watch for suspicious messages. Further guidance and support will be provided, and security protocols with partners will be fully reviewed to prevent recurrence.

    Woohaeong Woo, a Korean Air spokesperson, stated in a message to employees, "Korean Air takes this incident very seriously, especially since it involves employee data, even if it originated from a third-party vendor that was sold off." The airline is currently focusing all its efforts on identifying the full scope of the breach and who was affected.

    The Clop ransomware group has claimed responsibility for the KC&D attack in November. This group, specializing in big-game hunting and double-extortion, has been exploiting a critical Oracle EBS zero-day (CVE-2025-61882) since early August, stealing sensitive data from numerous organizations worldwide, including Envoy Air, Harvard University, Washington Post, Logitech, University of Pennsylvania, and University of Phoenix.

    Clop is a prolific Russian-speaking ransomware-as-a-service group emerging from the TA505 cybercrime group. The group has been identified as a financially motivated gang active since at least 2014. Like other Russia-based threat actors, Clop avoids targets in former Soviet countries and its malware cannot be activated on a computer that operates primarily in Russian.

    Clop exploits zero-days and vulnerable third-party software (e.g., MOVEit, GoAnywhere, Oracle EBS), leverages initial-access brokers and automation, and uses sophisticated evasion and lateral-movement techniques to maximize impact and monetization. The group's victims include Shell, British Airways, Bombardier, University of Colorado, PwC, and the BBC.

    The breach at KC&D highlights the importance of robust security measures for companies operating in various industries, particularly those dealing with sensitive data. As the airline continues to work on identifying the full scope of the breach and implementing new security protocols, it serves as a reminder that even seemingly isolated incidents can have significant consequences for employee safety and corporate reputation.





  • Published: Mon Dec 29 09:03:23 2025 by llama3.2 3B Q4_K_M












