[Exclusive] Kyowon Group Hit by Successive Affiliate Breaches... Also Faces Hacker Extortion (Comprehensive)

Ransomware Attack Suspected in Early Morning of January 10
Extortion Activity Noted in Incident Report
Personal Information of a Wide Range of Ages, from Preschoolers to Adults, at Risk
Major Disruption Expected if Data Breach is Confirmed

Kyowon Group, which operates businesses such as educational workbooks like Red Pen and Kumon, as well as funeral services and travel, has suffered a ransomware attack on its IT network.


Kyowon Group, which owns several subsidiaries and serves millions of members, is expected to face significant turmoil if a personal information leak is confirmed. This is because subsidiaries like Kyowon and Kyowon Kumon, which run educational workbook businesses, possess not only personal information of children and parents but also sensitive data such as card or account numbers required for tuition payments.


According to The Asia Business Daily’s report on January 12, Kyowon Group was hit by a ransomware attack in the early morning of January 10, resulting in website access issues and internal system errors across all subsidiaries. According to the Korea Internet & Security Agency (KISA) incident report obtained by The Asia Business Daily, the attack involved an intruder penetrating the internal systems via an externally exposed server, leading to a widespread ransomware infection across the group’s subsidiaries.


The report details how the attacker used a server with an open external port as a foothold to further infiltrate internal systems, moving laterally through networks connecting the subsidiaries and spreading damage throughout the group. During this process, disruptions occurred in accessing key services and internal databases (DB).


The entities that reported the incident to KISA include Kyowon, Kyowon Kumon, Kyowon Wiz, Kyowon Life, Kyowon Tour, Kyowon Property, Kyowon Healthcare, and Kyowon Start One, meaning that most of Kyowon Group’s core subsidiaries were affected.


The report also states that there were extortion attempts following the ransomware infection, although the police have not yet been notified.


Due to this hacking incident, most of Kyowon Group’s IT networks, including its internal authentication and management system KSS (Kyowon Super Star), have been shut down and are currently inaccessible. As of this morning, the websites of Kyowon Group and its various subsidiaries displayed a service disruption notice stating, "Web services are not available due to unexpected disruptions."


Kyowon Group is currently working to restore its systems using backup data while also conducting a thorough analysis to determine if there has been any additional damage. KISA has also provided on-site technical support over the weekend. In a phone interview with The Asia Business Daily, Lee Donggeun, head of KISA’s Digital Threat Response Division, said, "At this point, we do not expect the damage to spread significantly," but added, "However, since system recovery can take time when disruptions occur, we need to wait a bit longer to fully understand the situation."


Service Disruption Notice on Kyowon Group Website. Screenshot of Kyowon Group Website Screen.

In an official statement released this morning, Kyowon Group said, "At around 8 a.m. on January 10, we detected abnormal signs of an external cyber intrusion, suspected to be ransomware. Immediately after recognizing the incident, we reported the breach to KISA and relevant investigative agencies, and we are working with external security experts to precisely determine the cause and extent of the damage." The statement continued, "We are still verifying whether any personal information has been leaked. If a leak is confirmed, we will promptly and transparently inform customers and take all necessary protective measures in accordance with relevant laws and procedures."


In addition to funeral service provider Kyowon Life and educational workbook companies like Red Pen and Kyowon Kumon, Kyowon Group also operates subsidiaries such as Kyowon Invest (rental business) and Kyowon Tour. As a result, the company holds a vast amount of sensitive information, including personal data of members of all ages, years of learning history for children and adolescents, and travel and accommodation records. Concerns about potential leaks of children’s information are already growing in parent communities and online mom cafes.


So far, there is no evidence of a personal information leak, and no report has been filed with the Personal Information Protection Commission. However, since subsidiaries like Kumon and Red Pen hold large amounts of personal data on students and parents, industry experts say the possibility of a leak cannot be completely ruled out.


A Kyowon Group representative stated, "We deeply apologize for the concern this incident has caused our customers. Experts are currently working on rapid recovery and data integrity checks, and we will do our utmost to prevent a recurrence in the future."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
