Suspected ransomware attack threatens one of South Korea’s largest companies

Kyowon Group, one of South Korea’s largest education and lifestyle companies, announced shutting down key parts of its internal computer network this weekend following what it described as a suspected ransomware attack.

In a company statement, Kyowon said it identified abnormal activity on Saturday morning, triggering an emergency response plan to isolate the affected servers and prevent hackers compromising more of its systems.

The conglomerate — which is owned by Chang Pyung-soon, one of South Korea’s richest people — said it has “confirmed indications that some data may have been leaked externally due to a ransomware attack. Whether the affected data includes customer information is currently under investigation.”

Since the shutdown, several websites for its affiliate businesses — including its education and travel subsidiaries — have been left inaccessible as the company says it is working to securely restore systems.

Kyowon said it had taken its network offline to “stabilize services and prioritize customer protection” while working with what it described as “professional security personnel” and the relevant government agencies to investigate “the cause of the breach, the scope of its impact and whether any data was affected.”

The hackers behind the attack have issued Kyowon with an extortion demand, reported The Asia Business Daily. There are concerns that a data breach at the company could impact several million individuals, with data including the names and addresses of children who use its educational services, as reported by Chosun.

The company said it reported the security breach to the Korea Internet & Security Agency (KISA) and other investigative authorities shortly after identifying the problem.

“If further investigation confirms that customer information has been leaked, we will notify affected customers promptly and transparently,” states a banner on the conglomerate’s website.

It follows a recent scandal in Seoul over a data breach affecting the country’s largest online retailer, Coupang, reportedly caused by a former employee who has since fled to China.

That was the latest high-profile data breach to have affected South Korean companies, with 27 million customers of SK Telecom and 3 million customers of Lotte Card informed of incidents last year. South Korean officials have pledged to strengthen the country’s data protection laws and introduce harsher penalties for companies that fail to protect customer data.