Kyowon said on the 14th that a ransomware attack raised concerns that the personal information of 5.5 million customers was leaked. Ransomware is a cyberattack that encrypts systems and data and demands money in exchange for restoring them.
Kyowon issued a press release the same day and said, "The number of customers whose information was submitted to the Korea Internet & Security Agency (KISA) as leaked is 5.54 million." This figure excludes duplicate users among the eight affiliates hit by the hacking, including Kyowon Kumon Corp., Kyowon Tour, and Kyowon Life. The company currently operates 30 servers.
Kyowon said it confirmed in the afternoon the previous day that data had been leaked externally due to a ransomware attack that occurred at about 8 a.m. on the 10th and reported it to KISA.
To prevent secondary incidents and damage, it began follow-up measures, including: ▲ a full inspection of all enterprise systems ▲ a detailed analysis of security vulnerabilities ▲ strengthened 24/7 real-time monitoring of abnormal access and external connections ▲ a review and enhancement of the overall incident response process.
A Kyowon official said, "We will thoroughly review every step until the cause of the incident is clearly identified, and we will overhaul our security framework to prevent a recurrence," adding, "We will do our best to protect customers and restore trust."
The Cyber Terror Response Division of the National Office of Investigation (NOI) at the Korean National Police Agency launched a preliminary inquiry to understand the case. The Personal Information Protection Commission is examining the cause of the incident, whether personal information was leaked, and whether there were violations of the Personal Information Protection Act.