**Korean Air Reports Data Breach Affecting 30,000 Employees in Third-Party Cyberattack**
Korean Air has disclosed a data breach exposing the personal information of approximately 30,000 employees, marking the second major incident in South Korea’s airline industry in recent weeks. The breach occurred after a cyberattack on KC&D Service, a former in-flight catering subsidiary of the airline, which was sold to private equity firm Hahn & Company in 2020.
The leaked data includes names and bank account numbers, though Korean Air confirmed that no customer information was compromised. The airline was notified of the breach by KC&D, prompting an immediate internal investigation. In a message to employees, Vice Chairman Woo Kee-hong emphasized the severity of the incident, stating that the company is working to determine the full scope of the breach and identify affected individuals.
Korean Air implemented emergency security measures following the discovery, including a review of service integrations with KC&D, and voluntarily reported the incident to authorities. The airline has also urged KC&D to conduct a thorough analysis to prevent future breaches and plans to enhance its data protection protocols.
The incident follows a similar breach at Asiana Airlines last week, which exposed the personal information of around 10,000 employees. Both cases highlight growing cybersecurity risks in the aviation sector, particularly through third-party vendors.
Korean Air cybersecurity rating report: https://www.rankiteo.com/company/koreanair
"id": "KOR1766970764",
"linkid": "koreanair",
"type": "Breach",
"date": "12/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '0 (no customer data affected)',
'industry': 'Aviation',
'location': 'South Korea',
'name': 'Korean Air',
'type': 'Airline'},
{'customers_affected': '30,000 employees',
'industry': 'Catering',
'location': 'South Korea',
'name': 'KC&D Service',
'type': 'Third-Party Vendor (Former Subsidiary)'}],
'customer_advisories': 'None (no customer data affected)',
'data_breach': {'number_of_records_exposed': '30,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (bank account numbers, names)',
'type_of_data_compromised': 'Personal Information'},
'description': 'A data breach involving the personal information of Korean '
'Air employees occurred after a cyberattack on KC&D Service, a '
'former in-flight catering subsidiary of Korean Air. The '
'breach exposed names and bank account numbers of '
'approximately 30,000 employees. No customer data was '
'affected.',
'impact': {'brand_reputation_impact': 'Negative impact due to employee data '
'breach',
'data_compromised': 'Names and bank account numbers',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Further analysis of breach '
'details, prevention of '
'recurrence'},
'recommendations': 'Strengthen personal data protection posture, improve '
'third-party vendor security oversight',
'references': [{'source': 'Kim Kyung-mi'}],
'regulatory_compliance': {'regulatory_notifications': 'Voluntarily reported '
'to relevant '
'authorities'},
'response': {'communication_strategy': 'Internal notice to employees, public '
'statement via representative',
'containment_measures': 'Emergency security measures, safety '
'check on service integrations with KC&D',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Urged KC&D to analyze the incident and '
'prevent recurrence'},
'stakeholder_advisories': 'Internal notice to employees, public statement via '
'representative',
'title': 'Korean Air Employee Data Breach via Third-Party Vendor',
'type': 'Data Breach'}