Autoparts giant LKQ is the latest victim to confirm it has been hit by a cyber-attack targeting Oracle E-Business Suite (EBS).
The NASDAQ-listed company filed a notification to the Maine Attorney General’s Office that the personal information of more than 9070 people was compromised in the attack. The compromised data includes the victims’ LKQ Employer Identification Number and Social Security number.
LKQ also indicated that the intrusion occurred on August 9 and was discovered on October 3.
LKQ Breach Response: Investigation and Free Credit Monitoring
The Delaware-headquartered company notified affected individuals in a letter sent out on December 15.
In this letter, LKQ explained that it launched an investigation with the help of a third-party forensic firm and took steps to contain the issue, including taking the Oracle EBS environment offline.
The company also analysed what data had been compromised, a process that “has been time consuming” and was finalized on December 1.
The company reported that it had taken steps to deploy additional safeguards on its systems, reinforce its security practices, and enhance security monitoring and controls to strengthen protections.
As part of its ongoing security operations, LKQ also stated that it regularly reviews its security and privacy policies and procedures and implemented necessary changes to improve its information security program and controls.
Additionally, the company announced that it was offering two years of complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion company.
LKQ is a Fortune 500 company with a 2024 revenue of £11.33bn ($15.1bn). It was one of the first victims listed by the Clop ransomware group, which claimed the attack on Oracle EBS.
Other victims include Japanese photography giant Canon, Barts Health, a London-based NHS trust, GlobalLogic, a US-headquartered software company owned by Japanese conglomerate Hitachi, Logitech and Mazda.
Photo credit: Werner Lerooy / Shutterstock