Korean Air Reports Data Breach Affecting 30,000 Employees in Third-Party Cyberattack Korean Air has disclosed a data breach exposing the personal information of approximately 30,000 employees, marking the second major incident in South Korea’s airline industry in recent weeks. The breach occurred after a cyberattack on KC&D Service, a former in-flight catering subsidiary of the airline, which was sold to private equity firm Hahn & Company in 2020. The leaked data includes names and bank account numbers, though Korean Air confirmed that no customer information was compromised. The airline was notified of the breach by KC&D, prompting an immediate internal investigation. In a message to employees, Vice Chairman Woo Kee-hong emphasized the severity of the incident, stating that the company is working to determine the full scope of the breach and identify affected individuals. Korean Air implemented emergency security measures following the discovery, including a review of service integrations with KC&D, and voluntarily reported the incident to authorities. The airline has also urged KC&D to conduct a thorough analysis to prevent future breaches and plans to enhance its data protection protocols. The incident follows a similar breach at Asiana Airlines last week, which exposed the personal information of around 10,000 employees. Both cases highlight growing cybersecurity risks in the aviation sector, particularly through third-party vendors.