Massive Breach at University of Phoenix Due to the Oracle EBS Exploit, Korean Air Confirms Breach Claimed by CL0P

Written by: Lore Apostol, Cybersecurity Writer

Key Takeaways
  • Data Exposure: The University of Phoenix has disclosed that a breach of its Oracle EBS system may have compromised the data of nearly 3.5M individuals.
  • Global Impact: Korean Air also reported a data leak affecting 30,000 employee records stored on its catering subsidiary's ERP server.
  • CL0P Ransomware: CL0P is conducting a large-scale campaign that started with the exploitation of an Oracle EBS vulnerability in August.

The fallout from the August Oracle E-Business Suite (EBS) campaign by the CL0P ransomware group continues to expand, with the University of Phoenix, Korean Air, and Korean Air Catering now reporting a data security incident after being listed on the threat actor’s leak site.

Korean Air Confirms Employee Data Leak

According to reports, the airline stated that the Korean Air cyberattack originated from a third-party vendor, KC&D Service, its former in-flight catering subsidiary.

The breach exposed the personal data of approximately 30,000 employees, including names and bank account numbers.

Cl0p claims Korean Air CND website | Source: Cl0p leak site via Ransomware.live

According to the same report, the company published a post saying that the breach impacted data stored on the company's ERP server.

Korean Air employee data breach post on Dec. 29, 2025 | Source: JOONGANG

CL0P's leak site listed “Korean Air Catering”, which may link the incident to the same Oracle EBS exploitation campaign, even though the report did not mention this connection.

University of Phoenix Data Breach

In a filing with the Maine Attorney General's office, the university revealed that the Oracle EBS breach may have compromised the sensitive personal data of nearly 3.5 million people. This disclosure follows the CL0P group listing the university as a victim on its dark web data leak site. 

Cl0p claims Phoenix University | Source: Cl0p leak site via Ransomware.live

The exposed information includes:

The University of Phoenix “believes that the incident will not have a material adverse effect on its business operations or student programming.”

Broader Implications of the CL0P Campaign

This series of incidents highlights how threat actors have exploited vulnerabilities in widely used enterprise software and file-transfer services. The University of Phoenix data leak is one of the largest to result from this specific campaign, which has impacted over 100 organizations. 

As part of the same Cl0p campaign, Canon confirmed a subsidiary breach after the threat actor claimed Canon and Mazda, and Logitech confirmed the breach impacted employees, consumers, and suppliers. Other victims include the Washington Post and Harvard.

