Automotive components large LKQ Company has confirmed that it has been impacted by the latest cybercrime marketing campaign concentrating on clients of the Oracle E-Enterprise Suite (EBS) resolution.
The Fortune 500 firm offers recycled, refurbished, and aftermarket parts for automobiles and different kinds of autos.
LKQ was one of many first victims of the Oracle EBS hack named on the Cl0p ransomware web site, the place the cybercriminals behind the marketing campaign have been itemizing focused organizations.
SecurityWeek reached out to LKQ for remark a number of instances because it was named on the Cl0p web site in late October, however the firm has not responded.
LKQ has now lastly confirmed that it was focused within the EBS marketing campaign. The agency advised the Maine Legal professional Common’s Workplace that the non-public data of greater than 9,000 people was compromised within the assault.
Primarily based on the notification letter instance submitted by the corporate to the Maine AGO, the incident impacts sole proprietor suppliers, together with data equivalent to Employer Identification Quantity and SSN.
The automotive components distributor launched an investigation on October 3 and accomplished its evaluation into private data compromise on December 1.
“There isn’t any proof of affect to LKQ’s methods past the Oracle E-Enterprise Suite setting,” the corporate is telling impacted people in a knowledge breach discover.Commercial. Scroll to proceed studying.
A number of terabytes of information allegedly stolen from LKQ’s EBS occasion have been made obtainable for obtain by the cybercriminals.
This isn’t the primary time LKQ has been focused by hackers. Precisely one 12 months in the past, the corporate revealed {that a} cyberattack had induced disruptions at a Canadian enterprise unit.
Over 100 organizations focused in Oracle EBS hack
The Cl0p ransomware web site presently lists greater than 100 alleged victims of the Oracle EBS hacking marketing campaign. For a overwhelming majority of those organizations, the cybercriminals have leaked information allegedly stolen from their methods.
Many main firms named on the Cl0p leak website have but to challenge a public assertion on the matter. The cybercriminals sometimes don’t identify victims with out trigger, however the affect of their assault could also be exaggerated.
The listing of main firms which have confirmed affect consists of Logitech, Canon, Cox, Mazda, and a number of other necessary US schools.
Associated: NHS Investigating Oracle EBS Hack Claims as Hackers Title Over 40 Alleged Victims
Associated: Industrial Giants Schneider Electrical and Emerson Named as Victims of Oracle Hack
Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability
