Bank Info Security

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, a Clop-linked vendor breach exposed Korean Air employee data, a China-linked APT hijacked software updates to spread malware, a critical zero-day flaw went unpatched, a Condé Nast intrusion led to a mass user data leak, pro-Russian hacktivists disrupted France’s postal services and authorities extradited a suspect over a long-running malware operation.

Korean Air said that sensitive information pertaining to roughly 30,000 employees was compromised following a cyberattack on KC&D Service, the airline’s former in-flight catering and onboard sales subsidiary.

The airline in an internal notice to staff said KC&D, which was divested by Korean Air in December 2020, suffered a breach by an external hacking group that resulted in unauthorized access to servers storing employee data as part of the vendor’s enterprise resource planning system. The leaked data includes employee names and bank account numbers, according to the airline’s statement, reported Korea JoongAng Daily.