Kyowon Hit by Ransomware Attack, Data Stolen
▼ Summary
– South Korean conglomerate Kyowon Group disclosed a ransomware attack that disrupted operations and may have exposed customer information.
– The attack occurred in January, with hackers exfiltrating data from the company’s systems, impacting a large portion of its servers.
– Kyowon is investigating the data leak with authorities but has not yet confirmed if customer information was specifically compromised.
– The company is working to restore its online services, which had experienced outages due to the cyberattack.
– This incident is part of a recent series of large-scale cyberattacks on major South Korean companies, including Coupang, Korean Air, and SK Telecom.
A major South Korean conglomerate has confirmed a disruptive ransomware attack that resulted in data theft, raising concerns for millions of customers. The Kyowon Group, a prominent company in education, publishing, and hospitality, announced this week that its systems were compromised. The incident, which occurred in January, led to service outages and the confirmed exfiltration of information from company servers.
While the full scope is still under investigation, initial reports from Korean media suggest the attack affected approximately 600 of the company’s 800 servers. With over 9.6 million registered accounts, representing about 5.5 million individuals, there is significant potential for a large-scale data exposure. The company has engaged with Korea’s Internet & Security Agency (KISA) and external cybersecurity experts to determine exactly what information was taken and whether it includes sensitive customer details.
In its latest public statement, Kyowon acknowledged the data leak but stopped short of confirming that personal customer information was part of the stolen material. The company has pledged to provide transparent updates as the forensic investigation progresses. Concurrently, technical teams are in the final stages of restoring the online services that were disrupted by the attack. As of now, no prominent ransomware groups have publicly taken responsibility for the breach.
This incident continues a troubling pattern of significant cyberattacks targeting major corporations in South Korea. Just months earlier, in December, retail leader Coupang reported a breach affecting 33.7 million customers. National carrier Korean Air also disclosed a cybersecurity event that compromised employee data. Furthermore, SK Telecom revealed in May that a long-running malware infection, dating back to 2022, had exposed the USIM data of 27 million mobile subscribers. Around the same period, the Korean operations of luxury brand Dior notified customers of a security incident involving their order information. The Kyowon attack underscores the persistent and severe threat landscape facing the region’s business sector.
(Source: Bleeping Computer)
