Growing Customer Anxiety Amid Uncertainty Over Personal Information Leak
It is estimated that a ransomware attack affecting multiple Kyowon Group affiliates has impacted approximately 600 virtual servers and around 9.6 million service users.
On January 14, an investigation team composed of the Korea Internet & Security Agency (KISA) and other organizations reported that out of Kyowon Group's total 800 servers, about 600 virtual servers were affected by the recent ransomware infection. As a result, at least eight major services, including sales management systems and various websites, have experienced disruptions.
The investigation team estimates the total number of users across Kyowon Group's eight affiliates at 13 million, with the number dropping to about 5.54 million when duplicate users are excluded. Among these, the number of users affected by the ransomware-infected major services is estimated at approximately 9.6 million, including duplicates.
Upon receiving Kyowon Group's incident report, the investigation team completed emergency response measures such as blocking attacker IPs and external access through firewalls, and deleting malicious files. The team has now secured the IPs used in the attack and malicious files, such as web shells, used in the ransomware attack, and is conducting a detailed analysis.
Fortunately, Kyowon Group operates backup servers separately, and so far, no signs of infection have been detected on these backup servers. However, five days after the hacking incident, it has still not been confirmed whether customer personal information was actually leaked.
In a press release distributed on the same day, Kyowon Group stated, "We are currently at the stage of identifying signs of external data leakage, and are conducting a detailed investigation in cooperation with relevant agencies and security experts to determine whether customer information was actually included. If a customer information leak is confirmed, we will provide transparent guidance."
Previously, on the morning of January 10, Kyowon Group detected abnormal signs in some internal systems and reported the breach to KISA and investigative authorities at around 9 p.m. that same day. On January 12, further indications of data leakage were identified, and the following morning, the relevant information was reported to KISA and the Personal Information Protection Commission.
Kyowon Group is informing customers of developments related to this incident through text messages and notification services. However, as the possibility of personal information leakage has not yet been clearly determined, anxiety is spreading among consumers.
Particularly concerning is that Kyowon Group operates educational businesses such as Kyowon Kumon and Kyowon Red Pen, raising the possibility that not only minors' personal information, including students' names and addresses, but also financial information such as bank account and card numbers, may have been leaked.
© The Asia Business Daily (www.asiae.co.kr). All rights reserved.


