Automotive parts supplier LKQ Corporation has disclosed a data breach linked to a widespread cyberattack campaign targeting users of Oracle E-Business Suite (EBS), confirming that sensitive personal information belonging to more than 9,000 individuals was compromised.
The Fortune 500 company, known for supplying recycled, refurbished, and aftermarket vehicle components, revealed the incident in a regulatory filing with the Maine Attorney General’s Office. The disclosure places LKQ among a growing list of organizations affected by the Oracle EBS-focused hacking campaign attributed to the Cl0p ransomware group.
Scope and Nature of the Breach
According to LKQ, the breach primarily impacted sole proprietor suppliers. The exposed data may include highly sensitive information such as Employer Identification Numbers (EINs) and Social Security numbers (SSNs).
The company said it detected suspicious activity on October 3, 2025, and promptly launched an internal investigation. That review concluded on December 1, 2025, confirming unauthorized access to personal data within the Oracle EBS environment.
In notifications sent to affected individuals, LKQ stated that its investigation found no evidence that systems outside Oracle E-Business Suite were compromised, suggesting the incident was limited in scope.
Connection to the Cl0p Ransomware Campaign
LKQ was one of the earliest companies named on the leak site operated by the Cl0p ransomware group, which has been publicly identifying alleged victims since late October. While LKQ did not initially comment when first listed, its recent disclosure aligns with claims made by the attackers.
Cl0p alleges it exfiltrated several terabytes of data from LKQ’s Oracle EBS instance and has released portions of the stolen information online. The company has not publicly confirmed the volume of data taken.
Part of a Broader Enterprise Software Attack
The Oracle EBS cybercrime campaign has reportedly affected more than 100 organizations globally, based on information published by the attackers. Although many named entities have not issued public statements, several major companies and institutions have confirmed being impacted, including Logitech, Canon, Cox, Mazda, and multiple U.S. colleges and universities.
Cybersecurity experts note that while ransomware groups may exaggerate claims, Cl0p typically presents evidence of unauthorized access before publicly naming victims.
Not LKQ’s First Cybersecurity Incident
This is the second major cybersecurity disclosure by LKQ in recent years. In late 2024, the company reported a separate cyberattack that disrupted operations at one of its Canadian business units, highlighting the ongoing cyber risks faced by large multinational suppliers.
Rising Risk for Oracle EBS Customers
The LKQ breach adds to increasing concern surrounding Oracle E-Business Suite security, as threat actors continue to exploit vulnerabilities in widely deployed enterprise platforms to steal sensitive data at scale.
Security professionals are urging organizations using Oracle EBS to apply all available patches, audit system access, and conduct forensic investigations to ensure attackers have not already established a foothold.
