Yes24 Reports Ransomware Attack on June 9
Homepage Notice States "System Check in Progress"
Authorities Struggle to Investigate Amid Lukewarm Response
It has been confirmed that Yes24, which positions itself as a cultural content platform, reported a hacking incident to authorities but failed to properly inform the public about the matter.
According to materials submitted by Representative Choi Sujin of the National Assembly's Science, ICT, Broadcasting and Communications Committee, which were provided by the Korea Internet & Security Agency (KISA), Yes24 suffered a ransomware attack around 4:00 a.m. on June 9, 2025, and reported it to KISA immediately afterward.
However, Yes24 did not notify its users of this fact and posted a notice on its homepage stating, "We are currently conducting a system check to provide better service." When asked by Asia Economy about the possibility of hacking, the company responded, "It was definitely not a hacking incident. We are currently recovering from an internal system failure." Yes24 also announced that it would disclose the expected recovery date and compensation measures in the afternoon of June 10, 2025, but only acknowledged the ransomware attack after media reports revealed the hacking, stating, "We apologize for the delay in providing a detailed explanation due to the urgent recovery process," and admitted to being a victim of ransomware.
Amid concerns about the potential leakage of user personal information due to the hacking, Yes24 explained, "We have confirmed that there has been no leakage or loss of members' personal information, and all data, including order information, is being securely maintained."
This is not the first time an online bookstore has fallen victim to ransomware. In 2023, the online bookstore Aladin was hacked, resulting in the leakage of approximately 720,000 e-books, with 5,000 of them being widely distributed through platforms such as Telegram, causing extensive damage. At that time, the Korean Publishers Association led post-incident recovery efforts and even conducted mock hacking demonstrations to prevent recurrence. However, Yes24 was reportedly lukewarm in responding to the association's request for cooperation. A representative from the association explained, "At that time, Yes24 did not respond to the association's request for cooperation, which raised concerns about potential hacking damage," and added, "Even in the current situation, Yes24 has not provided meaningful responses to the association's inquiries, making it difficult for the association to take action."
This lukewarm attitude is reportedly hindering recovery efforts for the current incident as well. According to Representative Choi's office, KISA reported that it faced limitations in accessing information necessary for investigating the incident because Yes24 did not consent to technical support related to the cyberattack.
Yes24 stated that once service access is restored, it will announce compensation measures based on the specific scope of the damage and will also provide individual guidance to affected users.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
