LKQ Corporation Data Breach Exposes SSNs of 9,070

LKQ Corporation, a leading global distributor of automotive parts, recently experienced a significant data breach. So far, the breach has impacted at least 9,070 individuals across the U.S. According to official notices, the cybersecurity event exposed personally identifiable information (PII) such as Employer Identification Numbers and Social Security numbers belonging to sole proprietor suppliers of LKQ.

The breach was first discovered on Oct. 3, 2025, when LKQ’s security team became aware of a third party exploiting a previously unknown vulnerability in Oracle’s E-Business Suite application, which is used by LKQ and many other organizations worldwide.

Upon investigation, it was determined that the incident was a ransomware attack carried out by the CL0P group, a well-known cybercriminal organization. The group claimed responsibility for the breach on the dark web on Oct. 22, 2025, stating they had obtained sensitive data from LKQ’s systems and posting details on the Tor network.

So far, 9,070 individuals in the United States were affected by this breach, including 1,119 residents in Texas, 31 in Maine, 27 in New Hampshire and 189 in Massachusetts. The breach was officially disclosed to the Maine, New Hampshire and Massachusetts Attorney Generals' offices on Dec. 15, 2025, and to the Texas Attorney General on Dec. 16, 2025.

The severity of this breach lies in the nature of the information exposed and the method of attack. The exploitation of a zero-day vulnerability in a widely used enterprise application allowed the CL0P ransomware group to access and potentially exfiltrate sensitive data before LKQ could contain the threat.

LKQ Corporation's response

In response to the breach, LKQ Corporation took immediate steps to contain the incident. The affected Oracle E-Business Suite system was promptly taken offline and a third-party forensic firm was engaged to assist with the investigation. LKQ also reinforced its security practices and enhanced monitoring and controls to prevent similar incidents in the future.

For those affected, LKQ is offering two years of complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion company. Impacted individuals are encouraged to enroll in these services by March 31, 2026, as detailed in the written notice sent to affected parties.

If you receive notification from LKQ Corporation about this breach, you may want to:

• Sign up for the free Cyberscout credit monitoring protection services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, LKQ Corporation has set up a call center at 1-833-974-3365, Monday through Friday, 8 a.m. to 8 p.m. ET.