A data breach affecting a subcontractor linked to South Korean airline Korean Air has been disclosed, involving unauthorized access to internal employee records.
According to company statements and regulatory disclosures, the incident occurred after attackers exploited vulnerabilities in systems operated by KC&D Service, a former in-flight catering subsidiary now owned by a private equity firm.
Preliminary investigations indicate that approximately 30,000 employee records were accessed, including names, bank account details, and internal employment identifiers. Korean Air said that no customer data was affected and the exposure was limited to internal employee information.
The airline confirmed that cybersecurity specialists and forensic teams have been engaged to investigate how the access occurred and to assess the full scope of the incident. Authorities are working with the company to determine potential regulatory and legal implications.
Korean Air stated that additional access controls and monitoring systems have been implemented, and the situation remains under review as the investigation continues.