Korean Air Employee Data Exposed in Cl0p Supply-Chain Breach Korean Air confirmed a data breach affecting approximately 30,000 current and former employees after a supply-chain attack on its catering and duty-free subsidiary, Korean Air Catering & Duty-Free (KC&D). The incident stemmed from a critical vulnerability (CVE-2025-61882) in Oracle E-Business Suite (EBS), which the Cl0p ransomware group exploited to steal and leak nearly 500 GB of archives. The exposed data includes full names and bank account numbers, heightening risks of identity theft and financial fraud. Other personal details, such as emails or addresses, were reportedly not compromised. KC&D was added to Cl0p’s leak site on November 21, following a pattern similar to the group’s 2023 MOVEit attack, which impacted hundreds of organizations worldwide. The breach mirrors the MOVEit incident in scale, with dozens of global entities—including Envoy Air, Harvard University, Schneider Electric, and Barts Health NHS Trust—confirming exposure via the same EBS vulnerability. Oracle released a patch in early October after companies began receiving extortion demands from Cl0p, but the damage had already spread. Cl0p, a Russian-linked ransomware group, has claimed responsibility for both the EBS and MOVEit attacks, targeting high-profile victims like Shutterfly, Procter & Gamble, and Community Health Systems. The group’s tactics underscore the growing threat of supply-chain attacks on enterprise software.

HellCat ransomware group compromised Schneider Electric's Jira ticketing system, leading to significant exposure of sensitive data. While specific losses are not detailed, the importance of the ticketing system suggests potential access to a wealth of internal information, thereby threatening the organization's operations and possibly its existence.

Schneider Electric Hit by Cactus Ransomware Attack Targeting Sustainability Division Schneider Electric, a global leader in energy management and automation, confirmed a ransomware attack on its sustainability business division on January 17. The Cactus ransomware group claimed responsibility for the breach, which compromised the company’s EcoStruxure Resource Advisor platform a tool used by over 2,000 organizations worldwide to monitor energy and resource data. The company acknowledged that data was accessed during the attack and has begun notifying affected customers. Schneider Electric is working to restore operations within the division over the next two days, with external cybersecurity experts assisting its internal incident response team. The investigation is ongoing, and the company has not disclosed how the attackers gained access or whether a ransom demand was made. Cactus ransomware has rapidly gained notoriety since March 2023, frequently exploiting vulnerabilities in VPN devices and legitimate remote management tools like AnyDesk, Splashtop, and SuperOps RMM. In November, the group targeted Qlik Sense, a cloud analytics platform, in a separate exploitation campaign. The attack on Schneider Electric underscores the growing threat posed by Cactus to high-profile enterprises.

In June 2023, Schneider Electric, a global leader in digital automation and energy management, fell victim to a Clop ransomware attack exploiting a zero-day vulnerability in Progress Software’s MOVEit Transfer tool. The breach was part of a broader campaign targeting over 100 organizations, including Siemens Energy, Cognizant, Shell, PwC, and British Airways. Clop listed Schneider Electric on its dark web site, threatening to disclose stolen data unless extortion demands were met. While Schneider Electric implemented mitigation measures, the gang claimed to have exfiltrated company data, raising concerns over potential exposure of sensitive corporate and customer information. The incident highlighted critical gaps in third-party software security and the cascading risks of supply-chain attacks. Schneider Electric emphasized the need for proactive cybersecurity strategies and rapid incident response to contain such threats, though the full scope of data compromise—whether limited to internal systems or extending to customer records—remained undisclosed in public reports.

The California Office of the Attorney General reported a data breach involving Schneider Electric on February 7, 2013. The breach occurred on January 16, 2013, when a bulk mail vendor mistakenly included an employee's Social Security Number (SSN) in a mailing. The number of affected individuals is unspecified.