LKQ Data Breach: SSNs Exposed
By Join The Case · Published December 16, 2025 · Updated December 16, 2025 · 7 min read
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the LKQ data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

See Featured Articles
Petco Data Breach Affects Subscriber Privacy Petco Data Breach Affects Subscriber Privacy Were you hired to help train AI models? Were you hired to help train AI models? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? The Washington Post Data Breach: SSNs Exposed The Washington Post Data Breach: SSNs Exposed Late-Night and Early-Morning Unwanted Text Messages Late-Night and Early-Morning Unwanted Text Messages

LKQ Data Breach Lawsuit Investigation

Auto-parts giant LKQ has begun notifying sole-proprietor suppliers that sensitive tax identifiers were exposed following an Oracle E-Business Suite exploit. If you received a letter dated December 15, 2025, you may be eligible for free credit monitoring and potential legal remedies. Review the facts below and act now to protect your identity.

Key Details at a Glance

  • Incident discovered: October 3, 2025
  • Consumer notices mailed: December 15, 2025
  • Affected data: Employer Identification Numbers (EINs) and/or Social Security numbers (SSNs)
  • Free services offered: Two years of credit monitoring and identity-restoration through Cyberscout (a TransUnion company)
  • Breach environment: Oracle E-Business Suite application only — no evidence of wider LKQ systems impact

What Happened

LKQ Corporation (LKQ) relies on Oracle’s E-Business Suite, an enterprise resource-planning platform. Oracle announced new security vulnerabilities, one of which was exploited by an unauthorized third party. LKQ’s security team detected the activity and, on October 3 2025, isolated the affected environment and launched a forensic investigation with external experts. LKQ reports no evidence that systems outside the Oracle E-Business Suite were compromised.

What Information Was Exposed?

After a detailed data review concluded on December 1 2025, LKQ determined that files within the compromised system contained either the Employer Identification Number or Social Security number for certain sole-proprietor suppliers.

  • Employer Identification Number (EIN)
  • Social Security number (SSN)

LKQ’s Response

According to the breach notice filed with the Maine Attorney General, LKQ:

  • Immediately took the Oracle environment offline and contained the incident.
  • Engaged a third-party forensic firm to investigate.
  • Reinforced security practices and enhanced monitoring and controls.
  • Is offering affected suppliers two years of complimentary credit monitoring and identity-restoration services via Cyberscout.
Download Official Breach Notice (PDF)

Steps You Can Take Now

LKQ urges impacted individuals to:

  • Enroll promptly in the complimentary Cyberscout program to receive credit monitoring and identity-recovery assistance.
  • Remain vigilant by reviewing banking, credit-card, and other financial statements for unauthorized activity.
  • Check credit reports regularly and consider placing a fraud alert or security freeze if suspicious activity is detected.
  • Report suspected identity theft to local law enforcement.

Timeline of the LKQ Data Breach

  • Early October 2025 — Oracle discloses vulnerabilities; LKQ becomes aware of exploitation.
  • October 3, 2025 — LKQ contains system, engages forensic firm.
  • December 1, 2025 — Data analysis confirms EIN/SSN exposure.
  • December 15, 2025 — Breach reported to Maine Attorney General; consumer notices mailed.

Potential Legal Options

If your SSN or EIN was involved, you may be entitled to compensation for time spent monitoring accounts, out-of-pocket expenses, and future identity-theft risk. Class-action investigations focus on whether LKQ used reasonable security and provided timely notice under state and federal laws.

Company Overview

Below is a snapshot of LKQ to help recipients verify legitimacy of communications:

Frequently Asked Questions

I received a data breach letter from LKQ — what should I do?
Follow the enrollment instructions in the letter to activate free Cyberscout credit monitoring, then monitor financial accounts and credit reports for unusual activity.
How do I submit a claim related to the LKQ data breach?
Class-action investigations are ongoing. Keep your breach notice, proof of any fraud-related costs, and monitor legal news for lawsuit filings you can join.
Am I eligible to join a lawsuit against LKQ?
You are generally eligible if your SSN or EIN was exposed and you received a breach notification. Eligibility specifics will be outlined in any filed complaint.
What information did the LKQ breach expose?
The compromised Oracle system contained Employer Identification Numbers and/or Social Security numbers associated with certain sole-proprietor suppliers.
Did LKQ offer credit monitoring, and for how long?
Yes. LKQ is providing two years of complimentary credit monitoring and identity-restoration services through Cyberscout.
How can I get the official breach notice (PDF) for LKQ?
You can download the state-filed notice directly from the Maine Attorney General’s website using the link above.

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now