Yes24 Hacking Disruption Continues for Four Days
Controversy Over False Explanations
Investigation Underway Into Possible Personal Data Breach
KISA: "Yes24 Refused to Cooperate"
Restoration on June 12 Also Uncertain
As the online bookstore Yes24 continues to experience service disruptions for the fourth consecutive day due to a ransomware hacking attack, controversy is growing over the company's alleged deception of its users. Instead of providing proper guidance, Yes24 has been preoccupied with concealing the hacking incident, resulting in a wave of damages such as the forced cancellation of event reservations and the postponement of concerts. Furthermore, the company has maintained a passive attitude toward government support for hacking victims, which has fueled additional controversy over its false explanations.
On the afternoon of June 11, Yes24 released a second official statement, explaining, "According to our investigation so far, there has been no leakage or loss of any critical data, and all data is confirmed to be intact." The company added, "Currently, Yes24's Chief Security Officer Kwon Minseok and the relevant departments are working closely with KISA to analyze the cause and carry out restoration efforts. Server backups have been completed, and recovery work is underway based on these backups." It is reported that Yes24's Chief Security Officer Kwon Minseok and an IT security team of about 10 people are currently conducting the recovery process.
However, the Korea Internet & Security Agency (KISA) has stated that Yes24's claims are not consistent with the facts. According to KISA, its ransomware experts visited Yes24 headquarters twice, on June 10 and 11, to assess the situation, but Yes24 did not cooperate with KISA's technical support. Aside from a verbal briefing on June 10, there was no further confirmation or joint investigation with Yes24.
A KISA official explained, "When an information security incident occurs, it must be reported to KISA within 24 hours. The purpose of the report is for us to provide technical support and help with recovery. However, Yes24 preferred to resolve the issue internally. Since support is optional, we cannot force it. While it is true that we visited twice, we were not allowed on site and could not even collect evidence. We plan to continue requesting cooperation to ensure a thorough analysis of the incident."
The possibility of user personal information leakage, which Yes24 previously dismissed, is now being raised. The Personal Information Protection Commission has launched an investigation into a potential data breach at Yes24. When Yes24 was hit by the ransomware attack on June 9, the company detected unusual attempts to access user information from external sources, but internally judged the risk of leakage to be low. A Yes24 representative stated, "There were abnormal attempts to access information, but since there are no log records, we believe no actual data leakage occurred." However, the Personal Information Protection Commission is considering the possibility of a leak and is investigating the circumstances, the scale of the damage, and whether required safety measures were followed.
Regarding compensation, Yes24 has only issued a general statement that it is "under review." According to the company, compensation was discussed in department meetings on June 10 and in a company-wide meeting on June 11. However, Yes24 merely announced, "We will provide detailed compensation plans for each affected group through public notices and individual notifications in the future," which has heightened user anxiety.
It is also reported that the guidance about sequential service restoration starting June 12 is unlikely to be realized. A source familiar with Yes24's internal situation said, "Even the plan for sequential restoration on June 12 is uncertain. Only a small group of people have access to information internally, so even internal sharing is not happening properly."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
