Korean Air reports third party data breach exposing 30,000 employee records
Learn More
Korean Air, South Korea's flagship carrier, is reporting a data breach affecting approximately 30,000 employee records after a cyberattack on KC&D Service, the airline's former in-flight catering subsidiary.
An external hacker group compromised KC&D's systems, which had been storing Korean Air employee information on their servers for five years despite being sold to private equity firm Hahn & Company in 2020. The breach is the second major airline security incident in South Korea within a week, following Asiana Airlines' disclosure of a breach affecting 10,000 employees.
The exposed data includes:
- Names
- Bank account numbers or phone numbers (sources vary)
Korean Air claims that no customer data was affected by the breach.
The prolonged retention of sensitive employee information by the former subsidiary raises questions about data governance practices and the implementation of data deletion protocols following corporate divestitures.
Korean Air officials indicated they are working to understand the full details of the breach.
Korean Air has advised employees to be careful of suspicious text messages or emails that could be part of follow-on phishing or social engineering attacks.
