Was Customer Data of 8.9 Million Study Material Users Leaked? Kyowon Group Probing Scope of Breach

Kyowon Group has confirmed indications that data was leaked externally due to a ransomware attack. However, the company has not yet determined the scale of the leak or whether customer information was included in the compromised data.

On January 13, Kyowon Group stated, "We identified signs of data being leaked externally due to a ransomware attack on the afternoon of January 12 and have filed an additional report with the Korea Internet & Security Agency (KISA). We are conducting a thorough investigation in cooperation with relevant authorities and external professional security organizations."

Kyowon Group, Jung-gu, Seoul. Photo by Jinhyung Kang aymsdream@

This incident occurred at 8:00 a.m. on January 10. Kyowon Group explained that the ransomware attack resulted in access disruptions to the websites of all its affiliates and internal system errors. The company reported the incident to KISA and investigative authorities at 9:00 p.m. on the same day, 13 hours after the incident occurred, and is currently investigating the cause and extent of the damage.

Given Kyowon Group's large customer base, there is significant interest in whether any customer information has been leaked. According to its website, Kyowon Kumon has provided learning materials to a cumulative total of 8.9 million people from March 1990 to May of last year. Kyowon Wells, which operates a home appliance rental business, previously disclosed that it has nearly 1 million accumulated accounts. Although Kyowon Group has not revealed the exact number of members, industry sources believe the customer base is substantial, given the company's broad business scope, including Kyowon Life and Travel Easy.

Following this ransomware attack, the company has activated an emergency response system. To prevent secondary incidents and further damage, Kyowon Group has implemented a range of follow-up measures, including a comprehensive inspection of all company systems, a detailed analysis of security vulnerabilities, enhanced 24-hour real-time monitoring of abnormal access and external connections, and an overall review and advancement of its incident response processes.

Kyowon Group has announced that if a customer information leak is ultimately confirmed, it will immediately take all necessary actions in accordance with relevant laws and promptly and transparently inform customers of the investigation results.

A Kyowon Group representative stated, "We feel a deep sense of responsibility regarding this matter and sincerely apologize for any concern caused. Until the cause of the incident is clearly identified, we will thoroughly review every process and completely overhaul our security systems to prevent recurrence. We are committed to doing our utmost to protect our customers and restore their trust."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.