Latest news with #KoreaInternet&SecurityAgency
Korea Herald
5 days ago
- Business
- Korea Herald
Yes24 CEOs apologize, offer compensation after 5-day ransomware shutdown
Yes24, Korea's largest online bookstore and a major player in the ticketing industry, has issued a formal apology from its CEOs and announced the first round of compensation measures following a crippling ransomware attack that shut down its entire system for five days. Co-CEOs Kim Seok-hwan and Choi Se-ra expressed deep regret on Monday over the disruption that began in the early hours of June 9, paralyzing all of Yes24's services, including its website, mobile app, book sales and event ticketing. 'We sincerely apologize to all our customers and partners affected by this unprecedented service outage,' the CEOs said. 'Yes24 has grown on a foundation of customer trust, and we take seriously the fact that this trust has been shaken. We are mobilizing all available resources to restore services and rebuild that trust.' As part of its initial compensation plan, Yes24 announced the following measures. Customers who were unable to attend performances due to failed ticket reservations will receive a refund equivalent to 120 percent of the ticket price, issued as store credit by June 20. Customers who experienced delays in book shipments will receive 2,000 reward points, usable like cash on the platform. Expired gift certificates and discount coupons affected by the service outage will be extended. The company added that additional compensation plans would be announced via its official website. Yes24 also pledged to strengthen its cybersecurity framework. The joint CEOs stated that the company would 'review the entire security infrastructure from the ground up,' establish an external advisory group for security oversight, and expand its cybersecurity budget to enhance resilience and operational reliability. In its handling of the crisis, Yes24 has faced criticism for sluggish and inconsistent communication. Although the outage began early Monday, the company did not confirm it was a ransomware attack until Tuesday, initially attributing the issue to 'system maintenance.' In addition, while Yes24 claimed to be working closely with the Korea Internet & Security Agency (KISA), the agency later stated that no formal request for technical support had been made and that only verbal briefings were provided during site visits. Yes24 later said there had been "internal miscommunication," explaining that while KISA had visited its headquarters twice, on June 10 and 11, the company was focusing on restoring services as a top priority, and formal collaboration was only discussed after those visits. The company added that it officially requested technical support from KISA on Thursday, after which a KISA investigation team visited and launched a joint probe. As of Tuesday morning, major services have been restored, though the English and Chinese-language stores and user reviews on My Page remain unavailable.
Korea Herald
12-06-2025
- Entertainment
- Korea Herald
Yes24 down for third day, as ransomware attack disrupts major ticketing, book retail platform
Yes24, the country's largest online book retailer and a major ticketing platform, remained inaccessible for a third consecutive day Wednesday, following what the company confirmed was a ransomware attack. The outage, which began in the early hours of Monday, brought down all of Yes24's services, including book searches and orders, e-book access, digital library functions, community forums, and concert and performance ticketing. The homepage displayed an apology: 'We sincerely apologize to all users for the inconvenience caused by service access errors.' A Yes24 official told The Korea Herald on Wednesday there were 'no further updates yet" and that they are "working to restore the site as soon as possible, within this week." In a statement issued Tuesday afternoon, Yes24 said its system became inaccessible around 4 a.m. Monday due to a ransomware attack. 'Immediately following the incident, we implemented enhanced security measures and reported the matter to the relevant authorities, including the Korea Internet & Security Agency,' the statement read. 'We are currently working to determine the exact cause of the disruption and the extent of the damage.' The company added that internal investigations confirmed there was no breach or loss of customer personal data or order information. Concerts, fan events and musicals caught in limbo The outage triggered widespread disruption across the country's entertainment industry. With the platform down, both fans and entertainment companies were left scrambling. The music festival "Beautiful Mint Life," scheduled to take place Friday through Sunday at Olympic Park in Seoul, announced via social media that due to current access issues, ticket holders unable to cancel their reservations will be allowed to do so without any cancellation fees. Blacklabel, the agency representing actor Park Bo-gum, announced that presale tickets for his 2025 'Be With You' fan meeting in Seoul would be postponed. Belift Lab, which manages the boy band Enhypen, said it canceled its offline fan signing event for the group's new album 'Desire: Unleash' due to the system crash. KQ Entertainment also delayed ticket sales for Ateez's upcoming concerts in Incheon, scheduled for July 5-6. Meanwhile, the agency for rapper B.I postponed fan club presales for his 'Last Paradise Tour,' originally set to begin Monday. The disruptions extended to musical theater as well. Shownote, the production company behind the musical 'The Bridges of Madison County,' announced via social media that ticket holders who purchased tickets through Yes24 could still receive tickets if they presented proof of reservation, including seat details. The Korean production company behind 'Aladdin' issued a similar notice, asking audience members to bring either a printed or emailed copy of their reservation showing their seat details. Without seating information, audience members may not be allowed to enter the venue. Several people were reportedly turned away from performances Tuesday when they were unable to provide verifiable ticket information from the Yes24 system. As of press time Wednesday, further disruptions were expected for upcoming performances.
Korea Herald
11-06-2025
- Entertainment
- Korea Herald
Ransomware attack disrupts major ticketing, publishing platform
Yes24 down for third day, triggering ripple effects across entertainment industry Yes24, the country's largest online book retailer and a major ticketing platform, remained inaccessible for a third consecutive day Wednesday, following what the company confirmed was a ransomware attack. The outage, which began in the early hours of Monday, brought all of Yes24's services down, including book searches and orders, e-book access, digital library functions, community forums, and concert and performance ticketing. The homepage displayed an apology: 'We sincerely apologize to all users for the inconvenience caused by service access errors.' In a statement issued Tuesday afternoon, Yes24 said its system became unavailable around 4 a.m. Monday due to a ransomware attack. 'Immediately following the incident, we implemented enhanced security measures and reported the matter to relevant authorities, including the Korea Internet & Security Agency (KISA),' the statement read. 'We are currently working to determine the exact cause of the disruption and the extent of the damage.' The company added that internal investigations confirmed there was no breach or loss of customer personal data or order information. A Yes24 official told The Korea Herald there were 'no further updates' as of Wednesday morning. Concerts, fan events and musicals caught in limbo The outage triggered widespread disruption across the country's entertainment industry. With the platform down, both fans and entertainment companies were left scrambling. Blacklabel, the agency representing actor Park Bo-gum, announced that presale tickets for his 2025 'Be With You' fan meeting in Seoul would be postponed. Belift Lab, which manages the boy band Enhypen, said it canceled its offline fan signing event for the group's new album 'Desire: Unleash' due to the system crash. KQ Entertainment also delayed ticket sales for Ateez's upcoming concerts in Incheon, scheduled for July 5-6. Meanwhile, the agency for rapper B.I postponed fan club presales for his 2025 'Last Paradise Tour,' originally set to begin Monday. The disruptions extended to musical theater as well. Shownote, the production company behind the musical 'The Bridges of Madison County,' announced via social media that ticket holders who purchased through Yes24 could still receive tickets if they presented proof of reservation, including seat details. The Korean production company behind 'Aladdin' issued a similar notice, asking audience members to bring either a printed or emailed copy of their reservation showing their seat details. Without seating information, entry could be restricted at the venue. Indeed, several audience members were reportedly turned away from performances Tuesday after failing to provide verifiable ticket information from the Yes24 system. As of press time Wednesday, further disruptions were expected for upcoming performances. Yes24 said in its notice that refund policies and additional compensation would be announced separately as soon as possible.
Korea Herald
26-05-2025
- Business
- Korea Herald
Major S. Korean firms spend annual average of W2.9b on cybersecurity
South Korea's major companies spent an average of 2.9 billion won ($2.1 million) per year on information protection, industry data showed Monday. According to data from the Korea Internet & Security Agency and other sources, 10 local companies each invested over 100 billion won in cybersecurity over the past three years. Samsung Electronics Co. topped the list, spending a total of 712.6 billion won from 2021-2023, followed by telecom giant KT Corp., which invested 327.4 billion won during the same period. SK Telecom Co., the country's largest mobile carrier that recently suffered a large-scale data breach, came in third with 251.5 billion won in spending. Other companies in the top 10 include Coupang Inc., SK hynix Inc., LG Uplus Corp., Samsung SDS Co., Woori Bank, Naver Corp. and LG Electronics Inc. In 2022, the South Korean government mandated that companies operating network infrastructure or generating over 300 billion won in annual sales disclose their cybersecurity investment. A total of 746 companies reported their spending on information protection for 2023, investing a combined 2.1 trillion won, up from 1.5 trillion won by 658 firms in 2021. The average annual spending per company increased 24.5 percent from 2.3 billion won in 2021 to 2.9 billion won in 2023. However, experts warn that many South Korean firms remain highly vulnerable to cyberattacks due to relatively weak security capabilities. "In terms of investment, most companies in Korea have far lower security capabilities than SK Telecom, which was the latest victim of a cyberattack," one industry insider said. "Many are more vulnerable to advanced hacking techniques, and some may have already been breached without even knowing it. Companies need to stay alert and undergo thorough security checks." (Yonhap)
Korea Herald
21-05-2025
- Korea Herald
[Editorial] Hole in cybersecurity
SK Telecom breach dates back 3 years; Malware indicates China-based hacking The nation was jolted by interim probe findings that personal information and universal subscriber identity module or USIM data of practically all subscribers of SK Telecom may have been leaked by hackers. The cyberattack dated back about three years and turned out to be much more extensive than revealed in the initial briefing, according to the second briefing Monday by a joint investigation team of the Ministry of Science and ICT and the Korea Internet & Security Agency. SK Telecom discovered the breach about a month ago, on April 18. Leaked USIM data amounted to 9.82 gigabytes. which equates to roughly 26.9 million units of international mobile subscriber identity or IMSI numbers. This means that the USIM data of practically all SK Telecom subscribers has been leaked. Currently, it has 25 million subscribers, including 2 million budget phone users. A total of 23 SK Telecom servers were found to be compromised by malware, up from the five disclosed in the previous briefing held on April 29. The number of malware variants found to have infected the servers increased from four to 25. Among the affected servers, two had been used as temporary storage for personal data, such as names, birthdates, phone numbers and email addresses, as well as data on international mobile equipment identity or IMEI, a serial number assigned to every mobile phone. The possibility of financial fraud and other forms of secondary damage from copy phones has gone up. Investigators found that hackers planted malware on June 15, 2022. It is shocking that not only the telecom carrier but also the government and private cybersecurity firms had remained in the dark about the malware's infiltration for about three years. There is another problem. How much damage the cyberattack will cause down the road is anyone's guess. SK Telecom reportedly keeps log data for the last four or five months. So, no log data is available for the period from June 15, 2022, when malware was first planted, to Dec. 2, 2024. Fortunately, no evidence was found showing any data leakage between Dec. 3, last year and April 24 of this year, but investigators could not confirm whether any leaks occurred during the period for which log data is not available. It is worth noting that 24 of the 25 malware variants detected this time were found to be BPFDoor, a backdoor reportedly used by China-based hackers to attack Middle Eastern and Asian telecom companies in recent years. Experts warn that this malware could be used for a cyberattack on the communication infrastructure of a country. Given that data on all SK Telecom subscribers may have been leaked for as long as three years, the breach is not likely to emerge as a simple hacking case. It is uncertain whether the incident was an organized cyberattack to cripple the communication system of a country rather than an attempt to steal money. Considering the cyber intrusion was not detected for so long, anybody can guess a similar thing may be happening at other communication networks or major institutions. Communication infrastructure is one of the cruxes of state administration. Cyberattacks could paralyze it secretly, plunging a nation into chaos. The SK Telecom breach reconfirms how vulnerable South Korea has become to such vital attacks. SK Telecom bears the primary responsibility for protecting its system from hacks, but the government needs to check the nation's cybersecurity this time. Also, the National Assembly should do its part to help telecom carriers fend off cyber infiltrations from abroad. One of the laws that it needs to revise is its espionage law, which only punishes spying activities done for North Korea. Recently, two Chinese nationals were caught photographing fighter jets near air bases in South Korea but released after telling police that photographing was their hobby. Police say there was no evidence that they did so for North Korea. China or the US would likely respond quite differently. For a nation to keep its sovereignty, security must be tight, cyber or not.
