Following YES24 and SGI Seoul Guarantee, Welcome Finance Group was also attacked by ransomware, leading to the leakage of internal information.
According to the financial sector on the 18th, Welix F&I Lend, a lending company under Welcome Finance Group, was recently targeted by a ransomware attack from an overseas hacker organization. The company is currently verifying whether customer personal information has been leaked due to this attack. Welcome Finance is assessing whether there has been any hacking damage to its other affiliates.
A Russian hacker organization claimed through the dark web that they were behind this hacking. The group stated, "We have all customer databases of Welcome Finance," and noted, "There is a lot of information, including customer names and birthdates, home and office addresses, accounts, emails, etc." They also mentioned, "Welcome Finance was irresponsible in protecting important information," and posted materials presumed to be internal documents as examples.
Ransomware refers to programs that infect and encrypt internal files of computers or servers. Hackers demand payment in exchange for restoring the infected files to their normal state.
However, Welcome Finance believes that the documents posted as examples are not customer information but rather meeting materials. Welcome Finance explained that there has been no damage reported to its core affiliate, Welcome Savings Bank, to date. The savings bank's server is separated from other affiliates, ensuring that customer information is safe.
Earlier, SGI Seoul Guarantee also suffered a hacking attack last month. SGI Seoul Guarantee restored its computer system on the 17th of last month, three days after a system failure occurred. A ransomware group that claimed responsibility for the hacking at that time stated that it had stolen major databases; however, SGI Seoul Guarantee denied any signs of information leakage.