Two teenagers suspected of breaking into the server of Seoul's public bicycle service "Ttareungi" and leaking personal information have been caught by police.
The Seoul Metropolitan Police Agency's cyber investigation unit said on the 23rd it apprehended a teenage boy, A, and a teenage boy, B, on suspicion of violating the Act on Promotion of Information and Communications Network Utilization and Information Protection, and referred them without detention.
A and B are suspected of breaking into the Ttareungi server operated by Seoul Facilities Corporation between June 28 and June 29, 2024, and leaking about 4.62 million pieces of personal information such as subscriber IDs and mobile phone numbers.
B is also suspected of disrupting equipment lending operations by sending some 470,000 signals in a so-called "DDoS attack" to the server of another shared mobility rental company between Apr. 9 and Apr. 13, 2024.
Police launched an investigation at the end of Apr. 2024 following a complaint about the DDoS attack from a shared mobility rental company. In early Oct. of the same year, they identified and apprehended B as a suspect and seized electronic devices.
A digital forensics analysis confirmed a file that appeared to be personal information leaked from the Ttareungi server, and investigators continued to pursue accomplices from July last year. After tracking a Telegram account, in January this year suspect A was identified as the main perpetrator of the Ttareungi personal information leak.
Police searched and seized A's electronic devices and twice sought an arrest warrant for A, but said the prosecutor did not file for the warrant, citing factors including that A is a juvenile offender. They said all Ttareungi subscriber personal information files have been recovered.
Police said they will work with the Personal Information Protection Commission to devise measures to prevent a recurrence and will do their best to prevent secondary damage.
Separately, an inquiry before booking is underway into a case in which the Seoul Metropolitan Government asked for an investigation of a Seoul Facilities Corporation official on charges including violating the Personal Information Protection Act in connection with this personal information leak.
A Seoul Metropolitan Police Agency official said, "With various personal information leaks occurring recently, we ask that you take special care to prevent harm by being cautious about contacts or requests for financial transactions from unclear sources," and added, "If a criminal attempt is identified, please report it promptly to investigative authorities to receive assistance."