Copyright © 2025 Apollo Cybersecurity

A new cybersecurity incident has once again highlighted the fragility of complex digital ecosystems. Korean Air has confirmed the exposure of the personal data of approximately 30,000 employees as a result of a cyberattack that targeted not the airline itself but one of its external suppliers. Incidents of this kind, which are increasingly frequent, show how supply chain breaches can have a direct and significant impact on large corporations, even when their internal systems remain intact.
Beyond the volume of data affected, the case highlights a worrying reality: internal employee information—including personal and financial data—has become a priority target for cybercriminals. In a context where attacks on third parties, the exploitation of vulnerabilities in enterprise software and the lack of homogenous controls between vendors combine, security can no longer be limited to the organization's traditional perimeter. The Korean Air incident thus serves as a clear reminder of the need to adopt a comprehensive view of cybersecurity, capable of anticipating risks beyond the visible boundaries of the business.
The attack was directed against KC&D Service, a company that provides catering services and operates duty-free stores for Korean Air, and which was formerly part of the airline before it was sold in 2020. Cybercriminals were able to access internal company systems that stored sensitive information of current and former employees.
This incident highlights how breaches in suppliers or third parties can have a direct impact on the security of the main organization, even when the airline's internal systems are not compromised. In addition, it highlights the importance of implementing strict access controls and regular audits throughout the supply chain, especially in companies that handle confidential employee or customer information.
According to reports, the leaked information includes very sensitive elements such as:
Fortunately, customer data has not been confirmed to be involved in this breach, limiting the direct impact on consumers who use the company's services.
The intrusion is related to a campaign exploiting vulnerabilities in Oracle E-Business Suite (EBS), a widely used business software suite. These weaknesses allowed attackers to enter systems without valid credentials before the flaws were patched.
In addition, the cybercriminal group Cl0p, known for similar attacks against global organizations, has published some of the stolen data on its leak site, claiming credit for the offensive against KC&D.
This incident comes a few days after another South Korean airline, Asiana Airlines, reported a breach affecting nearly 10,000 employees, highlighting a growing vulnerability in the airline industry to attacks against suppliers and third parties.
The risks associated with compromised personal data range from financial fraud and targeted phishing attempts to the possibility of extortion or impersonation. Employees have even reported being advised to stay alert to suspicious messages that request transfers or additional information.
This case highlights several critical points that every company must consider:
The breach at Korean Air isn't just an isolated episode; it's a reminder that no organization is completely risk-free if it doesn't strengthen its internal and external defenses. Information security must extend beyond corporate walls and encompass the entire digital ecosystem.
At Apolo Cybersecurity, we help organizations identify hidden risks in their supply chain, protect sensitive data and strengthen their defenses before a breach becomes a crisis. Request your free consultation today and discover how to strengthen your company's security before it's too late.