UPDATE: In a shocking security breach, Korean Air has confirmed that the personal details of approximately 30,000 current and former employees have been stolen and leaked online by the notorious Cl0p gang. This alarming news was announced on December 29, 2025, following a similar incident earlier this month involving Asiana Airlines, where 10,000 staff records were compromised.
The breach occurred not through Korean Air’s main systems but from KC&D Service, a catering and duty-free firm formerly part of the airline. Although KC&D was sold to Hahn & Company in 2020, it continues to provide in-flight services for Korean Air, and the airline retains a 20% stake in it.
Authorities report that hackers exploited a vulnerability in the widely used Oracle E-Business Suite software, allowing them to access KC&D’s Enterprise Resource Planning (ERP) server without a username or password. This flaw, tracked as CVE-2025-61882, has also been linked to previous attacks, including one on Envoy Air, a subsidiary of American Airlines.
“KC&D Service was recently attacked by an external hacker group. During this process, the personal information of our employees stored on that company’s ERP server was leaked,” stated a notice from Korean Air. The stolen data includes sensitive information such as employee names and bank account numbers, raising significant concerns among staff. However, Korean Air reassured the public that customer data, including flight bookings and credit card details, remains secure.
In the wake of this incident, Woo Kee-hong, Vice Chairman of Korean Air, emphasized the seriousness of the situation, stating that the company is focused on determining the full scope of the breach and its impact on employees.
“We are currently focusing all our efforts on identifying the full scope of the breach and who was affected,” he stated in a message to employees. Emergency security updates have been implemented, and all digital connections with KC&D have been severed to prevent further data exposure.
Korean Air has also reported the breach to the Korea Internet and Security Agency (KISA) and is urging employees to remain vigilant against potential follow-up scams through phishing emails or texts.
This incident adds to a troubling trend of data breaches in South Korea, which has faced significant cyber attacks in recent months. Earlier in December, Coupang, the nation’s largest online retailer, reported a massive breach affecting all 33.7 million users, resulting in the resignation of its CEO. Furthermore, a malware attack on SK Telecom uncovered in May 2025 led to the exposure of 26.69 million IMSI units and extensive data breaches.
The international community is closely watching these developments, as the Cl0p gang continues to exploit weaknesses in major corporations, having previously targeted high-profile entities such as Harvard University and Logitech. As this story unfolds, Korean Air and its employees face an uncertain future in the wake of this significant data breach.
