Top 15 Cybersecurity Breaches in South Korea

Learn about the state of cybersecurity in South Korea and the 15 biggest breaches in this country.
South Korea is known as one of the most powerful tech hubs, and its companies and enterprises have become one of the most tempting targets for criminals. As in other digital countries, regular cyber attacks against private businesses, public infrastructure, and governmental institutions have been on the rise over the last few years. Since 2017, the number of recorded incidents against private businesses has increased by 119.5%, which exposes a serious problem of digital security in South Korea.

In 2021, there were over seven thousand cases of online hacking across the country, 9 out of 10 of them conducted through infections with hidden malicious code. Of course, compared to the statistics reported in the US, Canada, or Europe, these numbers are comparatively small. Nevertheless, most of the cyber attacks in South Korea hit the performance of hundreds of in-country and international businesses, causing significant damage to their reputation and capital losses.

Therefore, more and more companies are asking what precautions can help them avoid cyber incidents, how to protect their internal and external systems from various attacks, and how to keep those attacks from affecting their performance, revenues and authority.

Learning from the experience of other businesses is one of the most effective approaches to detecting and eliminating the existing vulnerabilities and getting ready for the possible scenarios of hacking attacks. In this article, we'll discuss the most notable cases of security breaches in South Korea, explaining their nature and specific outcomes for the affected companies and enterprises. This will give you a better understanding of the key strategies used, as well as the list of security vulnerabilities that are the most enticing targets for criminals.
#1 A Massive Data Heist Affected South Korean Users of Nate and Cyworld
In July 2021, authoritative news outlets reported a large-scale data leak, originating from Nate - one of the most popular search engines in South Korea - and Cyworld - the country's largest social networking site. According to the incident details, over 35 million users had some of their personal information stolen by hackers allegedly traced to China.

The stolen data contained users' names, phone numbers, email, resident registration numbers, and passwords, though the resident registration numbers and passwords were claimed to be encrypted.

The affected customers were informed immediately after the security incident was confirmed, and the CEO of SK Communications pointed out that the company had taken all the necessary measures to minimize the impact and retrieve customer data in cooperation with the authorities.
#2 Credit Card Information of 20 Million South Koreans Stolen
A massive leak of banking information of over 20 million people occurred in January 2014, carried out by a computer contractor working for the Korea Credit Bureau, a company that produces credit scores. The detailed investigation uncovered the scale of the heist, as well as the details of the stolen data: it included the names, social security numbers, and credit card details of over half of the population in South Korea!

According to the official sources, the data was simply copied to a USB stick, as it was unencrypted. The data theft remained undetected until the investigation revealed it.

After discovery, three firms - KB Kookmin Card, Lotte Card, and NH Nonghyup Card - said they would cover the financial losses caused to their customers. Both parties responsible for the crime, the contractor and the marketing managers who allegedly bought the data, were arrested.
#3 South Korean Telecom Provider Reported a Data Compromise of Over 12 Million Customers
KT Corp, one of the largest telecommunications providers in South Korea, reported a serious data breach, resulting in the leakage of personal information of over 12 million of its customers, in March 2014. The incident occurred a year earlier in February 2013, according to the official police statements.

The third-party breach was conducted through a custom malicious program that enabled hackers to log into the website and extract information by randomly inserting nine-digit verification numbers. Thus, criminals obtained personal data that contained the customers' names, resident registration numbers, places of employment, and bank account details.

As of the time of the incident, the overall estimated profit from the data sold was $10.8 million. So far, three indicted fraudsters, two hackers, and a telemarketer have been arrested in connection with the case, while the company itself worked to minimize damage to customers and eliminate the results of this incident.
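
The nine-digit guessing described for the KT breach leaves a recognizable trace in request logs: one client asking for many different verification numbers in a short time. The detection sketch below is an added example, not part of the original article or of any KT system; the log format, the `/lookup?vn=` path, the thresholds and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not KT's real one):
# "<ISO time> <client IP> GET /lookup?vn=<nine digits> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) GET /lookup\?vn=(\d{9}) (\d{3})$")

def parse(lines):
    """Yield (time, client, verification_number) for each lookup request."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_enumeration(lines, window=timedelta(minutes=5), max_distinct=5):
    """Return {client: peak} for clients that requested more than
    max_distinct different numbers inside any sliding time window."""
    per_client = defaultdict(list)
    for ts, client, number in parse(lines):
        per_client[client].append((ts, number))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        counts, start, peak = defaultdict(int), 0, 0
        for ts, number in events:
            counts[number] += 1
            # Drop requests that have fallen out of the window.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak > max_distinct:
            flagged[client] = peak
    return flagged

def sample_log():
    """Constructed traffic: one customer, one slow client, one enumerator."""
    t0 = datetime(2020, 1, 1, 9, 0, 0)
    row = lambda t, ip, vn, st: f"{t.isoformat()} {ip} GET /lookup?vn={vn} {st}"
    lines = [row(t0 + timedelta(minutes=i), "198.51.100.7", "123456789", 200)
             for i in range(3)]
    lines += [row(t0 + timedelta(minutes=10 * i), "198.51.100.9",
                  f"{200000000 + i:09d}", 200) for i in range(6)]
    lines += [row(t0 + timedelta(seconds=15 * i), "203.0.113.50",
                  f"{(100000007 + i * 104729) % 10**9:09d}", 404)
              for i in range(8)]
    return lines

if __name__ == "__main__":
    print(find_enumeration(sample_log()))
```

Counting distinct identifiers per client, rather than raw request volume, keeps a customer who reloads their own record from being flagged while still catching a client that spreads guesses across many numbers.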
#4 South Korean Credit Card Firms Suspended Over Data Breach
For decades, the financial industry has always been an enticing target for cybercriminals, as it opens up a wide range of manipulation areas, from blackmailing to the direct embezzlement of private funds.

One of the most infamous examples of such incidents in South Korea occurred in February 2014, when the South Korean Financial Supervisory Commission (FSC) stopped the activity of three credit card issuers (KB Financial Group, NongHyup Financial Group, and retailer Lotte Group) for the term of three months. All three companies were fined $5,640 for the insufficient security of their internal systems.

According to the official information, the firms failed to prevent a high-profile data breach resulting in the theft of banking information of as many as 104 million cards. The stolen data also included email and residential addresses as well as ID cards and telephone numbers, which the FSC condemned as severe neglect of the legal duties aimed at preventing customer information leakage.

The previous estimations indicated that the financial data of at least 20 million people were sold to marketing firms after the breach. Since South Korea has one of the highest rates of credit card use, the data theft of personal information affecting over a quarter of the country's population is no small cybercrime!
#5 Medical Information of Over 43 Million South Koreans Leaked
Personal data of over 43 million South Korean citizens (which accounts for more than 90% of the country's total population) was leaked to the US-based multinational firm, IMS Health Korea. This became known in July 2015, after news that IMS Health raised over $5.2 billion in profit by selling the report based on the collected data to Korean pharmaceutical companies. The 2011 law on personal information protection forbids any usage of personal data and medical information without consent.

According to the investigation details, the company responsible for the data leakage specialized in developing medical fee settlement software used by hospitals and the Korea Pharmaceutical Information Center. A joint team of 24 people from the target institution handled private patient records and prescribed medication for the sum of over 10 billion won (US$8.59 million). IMS Health, in turn, sold pharmaceutical companies the processed information, which was based on patients' personal information such as sex, age, disease, and region.
#6 South Korea's Largest Travel Agency Suffered a Major Security Breach
Hanatour, the largest and most reputable travel agency in South Korea, fell victim to a serious cyberattack, resulting in data theft of over 1 million users. According to the local news, criminals demanded a one-time ransom payment to their Bitcoin wallets in return for not leaking the data.

Once the incident was discovered, the company immediately notified its clients and the public that employees' computers had been breached by a group of hackers with sophisticated phishing attacks and malware. The stolen data contained information about the names, mobile phone numbers, social security numbers, home addresses, email addresses, and telephone numbers of its clients.

Additionally, in line with local regulations, Hanatour informed the corresponding regulatory authorities about the attack and started collaborating with government agencies and cybersecurity companies to investigate the cause and damages of this breach.

It's still unclear whether the company has paid the Bitcoin ransom to secure the leaked information of users, but the risks of this data being sold on dark web marketplaces are extremely high.
#7 The Defense Ministry of South Korea Reported a Data Theft
In October 2018, the South Korean Ministry of National Defense reported that one of its agencies had fallen victim to a major hacking attack. The breached organization is South Korea's Defense Acquisition Program Administration (DAPA), an agency that oversees weapons and munitions acquisitions.

In this incident, hackers managed to gain illegal access to over 30 computers from the internal system, stealing data from at least 10 of them. According to the reports, the stolen documents contained information about the arms procurement for the country's next-generation fighter aircraft.

The internal investigation showed the hackers gaining access and siphoning files from connected workstations. According to the official documentation, criminals breached the server through a vulnerability in the security program "Data Storage Prevention Solution," a pre-installed app intended to prevent sensitive documents from being downloaded and saved on internet-connected PCs.

Despite the experience from previous incidents, government officials didn't pin the blame on North Korean hackers, who regularly launch cyber-espionage and intelligence collection attempts.
#8 South Korean Submarine Builder Suffered from a Repeated Breach
Daewoo Shipbuilding & Marine Engineering (DSME), the country's only submarine builder, was targeted in a series of hacking attacks in June 2020, with some data being stolen, according to government sources. It is believed the hackers were from North Korea, but Seoul hasn't revealed details about the perpetrators.

According to the details of the investigation, some of the stolen files included plans for a nuclear-powered submarine that DSME and the South Korean Navy had been working on for the past few years. It's also worth mentioning that this wasn't the first time North Korean hackers were suspected of targeting submarine-related files: similar incidents took place between July 2014 and March 2016. At that time, hackers managed to breach two South Korean telecom companies and pivoted to 160 companies that used DSME servers.
#9 Scatter Lab Was Accused of Illegally Using Personal Information
In the summer of 2021, Seoul-based startup Scatter Lab was ordered to pay $92,900 in penalties and a $36,600 administrative fine for the indiscriminate use of personal information by companies using AI technology. The company used the client data to develop an artificial intelligence-driven chatbot service called "Lee Luda."

According to the incident details, Scatter Lab was accused of using about 600,000 people's KakaoTalk conversations collected from its emotional analysis apps Science of Love and Text At. Moreover, the affected users included about 200,000 children under the age of 14, and no permission from their parents or guardians was obtained.

As a result, the company suffered financial and reputational losses, and the case put a strong focus on the responsibility for the data that companies create, provide, collect and use in the development process.
#10 South Korea's Nuclear Research Agency Reported a Hacking Attack Through the Internal VPN
Korea Atomic Energy Research Institute, or KAERI, disclosed serious unauthorized access through its VPN system. The breach was first denied but after the official statement and press conference, KAERI confirmed the attack in June 2021.

The incident study revealed that North Korean threat actors were responsible for the breach. The hackers gained access to the internal network by exploiting an existing vulnerability in the VPN system. One of the 13 unauthorized IP addresses was linked to a North Korean state-sponsored hacking group known as 'Kimsuky'.

After the incident was revealed, KAERI said it had started an independent investigation of the attack to estimate what data had been accessed.
#11 A Major Data Breach of McDonald's in South Korea and Taiwan
In June 2021, the world's biggest burger chain McDonald's reported a cyber incident that enabled access to a "small number" of customer data in subsidiaries in South Korea and Taiwan. According to the official sources, during the breach, criminals accessed only the customer emails, delivery addresses, and phone numbers, but no banking information was disclosed. At the same time, it is said that the personal data of employees was also accessed by hackers, though the fast food firm hasn't clarified which countries were affected.

According to the Wall Street Journal, the system breach was first noticed during an external investigation due to unauthorized activity on the internal network. After the incident was discovered, the company reassured its departments that it was taking steps to "notify regulators and customers listed in these files". The company has also said that its "substantial investment" in cyber security helped to quickly identify the incident and eliminate the existing issue.
#12 Chanel Reveals a Serious Data Leak in South Korea as a result of a Cyberattack
Another world-famous brand, Chanel, fell victim to a serious cyberattack in August 2021, confirming a major data leak of sensitive customer data in South Korea. A comprehensive investigation of the data leak revealed that the personal information of some clients in Chanel's internal system had been accessed.

According to the previous information, the breached database stored customer names, birth dates, phone numbers, and shopping histories. The company has also stressed that the hackers didn't manage to obtain either the credit card information or personal login credentials.

Once the incident was revealed, the company's representatives in South Korea reported it to the government authority KISA, which is undertaking a further investigation. At the same time, Chanel's subsidiaries have engaged an independent cybersecurity firm to conduct an investigation and ensure that no other systems or data were affected. Moreover, the company also confirmed it'll reach out to all the affected clients by email and text message to give instructions on further actions.
#13 Facebook Was Fined Due to Damages Over Personal Data Breach
In October 2021, the South Korean state watchdog on personal information protection (PIPC) suggested Meta Platforms (formerly Facebook) pay 300,000 won ($256.70) in compensation to 181 users demanding damages for the provision of their personal information to third parties without consent.

The case arose when the company was revealed to have passed on personal data of at least 3.3 million of its total 18 million Korean users between May 2012 and June 2018. According to the details of this case, the leaked data included the list of the user's Facebook friends. The affected users collectively filed for a damage relief process with the PIPC in April, seeking financial compensation and the disclosure of information on the parties that leaked personal data and those who accepted it.

So far, the social platform giant was fined $5 million for privacy law violations at that time, according to Yonhap news agency.
#14 Samsung Electronics Admits a Massive Attack on Its Servers
Samsung Electronics released a statement regarding this case in March 2022. According to the sources, a global hacking group, Lapsus$, took responsibility for the attack.

Over 190 GB of stolen data included some source code for Galaxy smartphones, but no personal information about employees and customers was leaked. The Lapsus$ hacking group posted the data on the file-sharing program Torrent. After the incident was discovered, the company informed the Korea Internet & Security Agency (KISA) of its damage, highlighting the multi-aspect measures conducted to prevent any other leakages and protect its employees and customers.
#15 Dodo Point Loyalty Platform Exposed 1 Million Customers' Personal Data
In March 2022, Dodo Point, a South Korean "loyalty platform" solution based on outlet retention, exposed over 38 GB of customer records, affecting over a million unique customers and over 5,000 stores across the entire bucket. Dodo Point provides each client store with the app solution on a point-of-sale device, while customers can use it to sign up for a store's loyalty program and enjoy benefits in retail outlets such as cafes, restaurants, beauty salons, and more.

According to the investigation reports, the files included personal customer data, clients' monthly reports, and payment details. It's still unclear whether any malicious actors accessed Dodo Point's open bucket, so there are several security risks that can potentially hit the company (or have already done so). These include privacy violations, phishing and scams, and industrial espionage.

As of May 2022, Dodo Point's open bucket was secured, but several official sources reported the incident was disclosed after more than a month of the sensitive data being left unsecured.

Having reviewed the most notable cyber incidents across different industries, you now have more insight into the common tactics used by hackers, as well as the specific vulnerabilities they target to access sensitive data or environments.

We hope that the infamous experience of different companies and enterprises in South Korea has helped you understand how to react to such incidents in a timely and effective way and how to build a powerful strategy for enhancing the internal and external security of your business.

Already have some ideas on what aspects can strengthen your company's security in digital? Start the changes with the Cyberlands team and gain business profits right away!