UPDATE: In a shocking breach of security, Korean Air has confirmed that the personal details of around 30,000 current and former employees have been stolen, with sensitive data leaked online by the notorious Cl0p gang. This incident, reported on December 29, 2025, raises urgent concerns amid a series of similar attacks plaguing South Korea’s aviation industry.
The breach reportedly occurred at KC&D Service, a company that handles in-flight meals and duty-free goods for Korean Air. Despite its sale to Hahn & Company in 2020, Korean Air retains a 20% stake in KC&D. The hackers exploited a vulnerability in the widely used Oracle E-Business Suite, allowing them to access KC&D’s ERP server and steal sensitive employee information, including names and bank account numbers.
According to Korea JoongAng Daily, the breach did not originate from Korean Air’s main systems but instead targeted the external vendor. The Cl0p gang, known for its high-profile attacks, has begun leaking nearly 500 GB of stolen files on the dark web after the company reportedly refused to pay a ransom.
Woo Kee-hong, vice chairman of Korean Air, stated, “Korean Air takes this incident very seriously, especially since it involves employee data. We are currently focusing all our efforts on identifying the full scope of the breach and who was affected.” The airline has implemented emergency security measures and severed digital connections with KC&D to prevent further data leaks.
As a precaution, Korean Air has alerted employees to be vigilant against potential phishing attempts following the breach. The company has also notified the Korea Internet and Security Agency (KISA) to assist in the investigation.
This incident adds to a troubling trend in South Korea, which has faced a series of data breaches this year. Earlier in December, online retail giant Coupang experienced a massive breach affecting 33.7 million users, further highlighting the urgent need for robust cybersecurity measures in the region.
As the situation develops, employees and the public alike are urged to stay informed about potential risks and remain cautious of suspicious communications. More updates are expected as investigations continue into the breach and its implications for Korean Air and KC&D Service.
