- LKQ confirmed that it was affected by the Oracle E‑Business Suite breach, exposing the SSNs and EINs of approximately 9,000 individuals.
- Cl0p is believed to be responsible, claiming terabytes of LKQ data were stolen via the CVE‑2022‑21587 exploit.
- The incident adds to a growing list of EBS victims, including Envoy Air, Harvard, The Washington Post, Cox and Logitech.
The list of companies affected by the Oracle E-Business Suite vulnerability continues to grow. The latest organization to confirm an attack is US-based recycled auto parts and original equipment company LKQ.
The company recently filed a data breach notification form with the Maine Attorney General’s office, in which it said it lost sensitive data on approximately 9,000 people, including LKQ employer identification numbers and Social Security numbers.
The attack apparently took place on August 9, 2025, and was discovered on October 3, when LKQ launched an internal investigation. The investigation concluded on December 1, after which those affected and the relevant government agencies were informed.
Cl0p steals terabytes
“There is no evidence of impact to LKQ’s systems beyond the Oracle E-Business Suite environment,” the company explained in the notification.
As a result, LKQ strengthened its network security and offered free credit monitoring and identity restoration services via Cyberscout to affected individuals for two years.
The company did not specify who the threat actors were or what they were after. However, it is common knowledge that Cl0p, a Russian-speaking group, is behind the attacks against E-Business Suite. Interestingly, according to SecurityWeek, LKQ was the first company Cl0p listed on its data leak website as having been hacked via E-Business Suite, but the company had not confirmed these claims until now.
Cl0p said it took several terabytes of files from LKQ’s EBS instances and shared them with the cybercriminal community.
Last summer, the ransomware actor abused a critical vulnerability in Oracle E-Business Suite, most commonly linked to CVE-2022-21587, which allowed unauthenticated remote code execution. This gave them access to user accounts, which they used to exfiltrate sensitive data. So far, several organizations have confirmed data theft, including Envoy Air, Harvard University, The Washington Post, Cox Enterprises, and Logitech.
Via Infosecurity Magazine




