Korean Air announced on the 29th that personal information of some of its employees had been leaked due to an attack by external hackers on its in-flight meal manufacturing and in-flight sales company, Korean Air C&D Services (KC&D).
KC&D was established in 2020 after acquiring the in-flight meal and duty-free sales business from Korean Air, which holds a 20% stake in the company.
Korean Air identified that the leaked information included names and account numbers of Korean Air employees stored in the enterprise resource planning (ERP) system on KC&D’s servers, and clarified that no customer information had been compromised so far.
Korean Air stated, “Immediately after recognizing the incident, we completed urgent security measures, including a safety check of service linkages with KC&D,” and added, “We proactively reported the details to relevant authorities and are taking all possible measures to strengthen personal information protection.”