LKQ Corporation reports data breach impacting 9,070 individuals after Oracle EBS exploit
Learn More
LKQ Corporation, a Fortune 500 automotive parts distributor headquartered in Antioch, Tennessee, reports a data breach that exposed sensitive personal information of 9,070 individuals across the United States.
The company discovered the security incident on October 3, 2025. The breach was caused by exploitation of a zero-day vulnerability in Oracle's E-Business Suite (EBS) application. The Cl0p ransomware group claimed responsibility for the attack on October 22, 2025, listing the company on their dark web site and threatening to release sensitive data. The exposed information included:
- Social Security numbers
- LKQ Employer Identification Numbers
The company sent notifications to affected consumers on December 15, 2025. LKQ Corporation is offering 24 months of complimentary credit monitoring and identity theft restoration services to all compromised customers. The company engaged Orrick Herrington & Sutcliffe LLP, a major international law firm, to manage the breach response and legal compliance obligations. For affected individuals with questions or concerns, LKQ Corporation established a dedicated call center at 1-833-974-3365, available Monday through Friday from 8 AM to 8 PM Eastern Time.
