Automotive parts distributor LKQ Corporation has confirmed it was impacted by a cyberattack tied to a broader hacking campaign exploiting vulnerabilities in Oracle E-Business Suite (EBS), resulting in the exposure of personal data belonging to thousands of individuals.
LKQ, a Fortune 500 company specializing in recycled, refurbished, and aftermarket vehicle components, acknowledged the incident in a notification filed with the Maine Attorney General’s Office. According to the disclosure, the breach compromised the personal information of more than 9,000 individuals.
Details of the Data Exposure
The company stated that the incident primarily affected sole proprietor suppliers. Exposed information may include sensitive data such as Employer Identification Numbers (EINs) and Social Security numbers (SSNs).
LKQ reported that it became aware of suspicious activity on October 3, 2025, and launched an internal investigation shortly afterward. The review into potential personal data exposure concluded on December 1, 2025.
In its breach notification to affected individuals, LKQ emphasized that the compromise was limited in scope. The company said it found no evidence that systems outside of its Oracle E-Business Suite environment were affected.
Linked to Cl0p Ransomware Campaign
LKQ was among the first organizations named on the leak site operated by the Cl0p ransomware group, which has been publicly listing victims of its Oracle EBS-focused cybercrime campaign since late October.
Although LKQ did not immediately comment when first listed by the attackers, confirmation of the breach now aligns with claims made by the group. The cybercriminals allege they exfiltrated several terabytes of data from LKQ’s Oracle EBS instance and have made portions of that data available for download.
Part of a Larger Industry-Wide Attack
The Oracle EBS hacking campaign has reportedly affected more than 100 organizations worldwide, according to listings on the Cl0p leak site. While many companies named by the group have yet to issue public statements, several major organizations have confirmed exposure, including Logitech, Canon, Cox, Mazda, and multiple U.S. higher education institutions.
Security experts caution that while Cl0p’s claims may occasionally exaggerate impact, the group typically does not name organizations without evidence of unauthorized access.
A Repeat Target
This is not the first cybersecurity incident disclosed by LKQ. In late 2024, the company reported a separate cyberattack that caused operational disruptions at one of its Canadian business units, underscoring ongoing risks facing large multinational suppliers.
Ongoing Concerns for Oracle EBS Users
The LKQ disclosure adds to growing concern among organizations using Oracle E-Business Suite, as attackers continue to exploit weaknesses in enterprise software environments to steal large volumes of sensitive data.
Security professionals are urging Oracle EBS customers to review access controls, apply all relevant patches, and conduct forensic assessments to identify potential compromise.
