Korean Air employee data leak via KC&D breach
Data Leak
Summary
Hide ▲
Show ▼
The airline disclosed a data breach that exposed employee names and bank account numbers, creating fraud and impersonation risk for Korean Air staff. The leak followed a hack at KC&D, the carrier's in-flight catering supplier and former subsidiary, and local reports say attackers exfiltrated about 30,000 records. The later posting of the data by the Clop ransomware gang on a dark web leak site raised the risk of downstream misuse.
Related Happenings
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
ShellForce-affiliated leak site publishes stolen identity, corporate, and résumé records
Data Leak
H score29
First: 09.02.2026 23:14
Last: 09.02.2026 23:14
Sources 1
About this happening:
A **ShellForce**-affiliated leak site is publicly posting **stolen identity records**, **corporate data**, and **résumé databases**, turning intrusions into immediate exposure ris...
ShellForce-affiliated leak site publishes stolen identity, corporate, and résumé records
Data LeakAbout this happening: A **ShellForce**-affiliated leak site is publicly posting **stolen identity records**, **corporate data**, and **résumé databases**, turning intrusions into immediate exposure ris...
ShinyHunters data-leak site exposing stolen attack data
Data Leak
H score71
First: 31.01.2026 17:02
Last: 31.01.2026 17:02
Sources 1
About this happening:
The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...
ShinyHunters data-leak site exposing stolen attack data
Data LeakAbout this happening: The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...
Kyowon Group external data leak affecting customer data
Data Leak
H score77
First: 14.01.2026 23:49
Last: 14.01.2026 23:49
Sources 1
About this happening:
**Kyowon Group** confirmed an **external data leak** tied to its **January 2026** ransomware incident, creating a real risk that **customer information** was exposed. The company...
Kyowon Group external data leak affecting customer data
Data LeakAbout this happening: **Kyowon Group** confirmed an **external data leak** tied to its **January 2026** ransomware incident, creating a real risk that **customer information** was exposed. The company...
Kyowon Group hit by ransomware attack
Incident
H score76
First: 14.01.2026 23:49
Last: 14.01.2026 23:49
Sources 1
About this happening:
The **Kyowon Group** confirmed a **ransomware attack** that disrupted operations and led to **customer data exfiltration**, creating immediate availability and exposure risk. The...
Kyowon Group hit by ransomware attack
IncidentAbout this happening: The **Kyowon Group** confirmed a **ransomware attack** that disrupted operations and led to **customer data exfiltration**, creating immediate availability and exposure risk. The...
Timeline
-
29.12.2025 15:08 2 articles · 6mo ago
Korean Air discloses employee data breach after KC&D hack
Initial DisclosureKorean Air disclosed that employee names and bank account numbers stored in its ERP system on affected servers were compromised after Korean Air Catering & Duty-Free (KC&D) was recently hacked, said it had reported the incident to relevant authorities, and warned staff to watch for impersonation emails and messages. Local reporting cited about 30,000 data records and thousands of affected employees, while Korean Air said it had not yet found evidence that the stolen data was used for fraud.
Show sources
- Korean Air data breach exposes data of thousands of employees — www.bleepingcomputer.com — 29.12.2025 15:08
- Korean Air data breach exposes data of thousands of employees — www.bleepingcomputer.com — 29.12.2025 15:08