1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Auto giant LKQ says it's the latest firm to be hit by Oracle EBS

    From TechnologyDaily@1337:1/100 to All on Thu Dec 18 15:15:09 2025
    Auto giant LKQ says it's the latest firm to be hit by Oracle EBS data breach

    Date:
    Thu, 18 Dec 2025 15:05:00 +0000

    Description:
    Cl0p claimed to have breached LKQ, but the attack was confirmed only recently.

    FULL STORY ======================================================================LKQ confirmed it was affected by Oracle EBusiness Suite breach, exposing SSNs and EINs of about 9,000 people Cl0p is believed to be responsible, claiming terabytes of LKQ data stolen via CVE202221587 exploitation The incident adds to a growing list of EBS victims, including Envoy Air, Harvard, The
    Washington Post, Cox, and Logitech

    The list of companies breached through the Oracle E-Business Suite vulnerability keeps growing - with the latest organization to confirm an attack is US aftermarket car parts and recycled original equipment firm LKQ.

    The company recently filed a data breach notification form with the Office of the Maine Attorney General, in which it said it lost sensitive data on
    roughly 9,000 people, including peoples LKQ Employer Identification Numbers, and Social Security Numbers.

    The attack apparently took place on August 9 2025, and was discovered on October 3, when LKQ launched an internal investigation, which concluded on December 1, after which affected individuals, as well as relevant government agencies, were notified. Cl0p steals terabytes

    There is no evidence of impact to LKQs systems beyond the Oracle E-Business Suite environment, the company explained in the notification.

    As a result, LKQ strengthened its networks security, and offered free credit monitoring and identity restoration services through Cyberscout to affected individuals, for two years.

    It did not detail who the threat actors were or what they were after.
    However, it is generally known that Cl0p, a Russian-speaking group, was the one behind the E-Business Suite attacks. Curiously enough, according to Security Week, LKQ was the first company Cl0p listed on its data leak website as having been breached through E-Business Suite, but the company did not confirm the claims until now.

    Cl0p said it took several terabytes of files from LKQs EBS instances and shared it with the cybercriminal community.

    Last summer, the ransomware actor abused a critical vulnerability in Oracle E-Business Suite, most commonly linked to CVE-2022-21587, which allowed unauthenticated remote code execution. This gave them access to user
    accounts, which they used to exfiltrate sensitive data. So far, there were multiple confirmed cases of data theft, including Envoy Air, Harvard University, The Washington Post, Cox Enterprises, and Logitech.

    Via Infosecurity Magazine

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/auto-giant-lkq-says-its-the-latest-firm -hit-by-oracle-ebs-data-breach


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)