PIPC Initiates Investigation into Potential Data Breach from Yes24 Ransomware Incident

The Yes24 logo [JOONGANG ILBO]

The Personal Information Protection Commission (PIPC) has opened an investigation into a suspected data breach at Yes24, an online bookstore, following a ransomware attack reported on June 9. Yes24 initially asserted that customer data remained secure, but the PIPC has since said there is evidence of unauthorized access to user information.

Ransomware attacks involve cybercriminals encrypting data and demanding a ransom for its release. According to the PIPC, Yes24 formally informed them of the breach early Wednesday, detailing the irregular access to member data identified amid their response to the ongoing attack.

A statement about a ransomware-related data breach released by the company [SCREEN CAPTURE]

Although Yes24 initially denied any data breach, its website has been offline since the morning of June 9, leaving users unable to search for or purchase books, manage ticket orders, request refunds, or access e-book subscriptions. The PIPC has committed to establishing the specifics of the breach, assessing the damage incurred, and evaluating whether Yes24 has met its obligations under the Personal Information Protection Act.

Should any violations be uncovered, the commission is prepared to take legal action. A PIPC official pointed to the increasing prevalence of ransomware incidents and urged organizations to review their security processes and put updated protective measures in place. Companies should regularly back up essential data, particularly member databases, and keep those backups isolated from the production environment so that an attacker who encrypts live systems cannot also encrypt or delete the copies. Backups only limit data loss, however; they do nothing to undo the exposure of personal data that was copied out before encryption, which is why a ransomware response must also establish what data the intruder accessed.

Concurrently, the Korea Internet & Security Agency (KISA) disputed Yes24’s claims regarding its cooperation with government officials to resolve the breach. KISA representatives visited Yes24’s headquarters on June 10 and 11 to evaluate the situation but said that Yes24 had not fully engaged with their technical assistance. “We have not confirmed any details from Yes24 nor conducted a collaborative investigation,” KISA stated. The agency stressed the importance of swift service restoration and full cooperation in uncovering the breach’s root cause.

In its second official statement on Wednesday, Yes24 asserted that it had promptly reported the ransomware incident to KISA on Monday afternoon. The company’s chief information security officer, along with relevant teams, is reportedly striving to analyze the situation and restore services in collaboration with KISA. Yes24 maintained that no critical data was compromised and that all information remains intact, attributing their recovery efforts to successful server back-ups.

Yes24 operates its own information security team, which under established protocols generally undertakes an initial assessment before working in concert with KISA. The incident shows that an established online platform can still be taken fully offline by ransomware, and that a company’s early assurances about data integrity may not survive regulator scrutiny.

Neither Yes24 nor the authorities have published technical details of the intrusion, so how the attackers got in remains unknown. Once root-cause findings are available, the MITRE ATT&CK framework offers a common vocabulary for describing them: an “Initial Access” technique explains how the attackers first entered Yes24’s network, “Persistence” techniques explain how they kept that foothold, and “Privilege Escalation” techniques explain how they obtained the rights needed to reach member databases and servers. The encryption itself falls under the “Impact” tactic (Data Encrypted for Impact, T1486), and the unauthorized access to user data that the PIPC has cited would map to the “Collection” and “Exfiltration” tactics. Mapping an incident this way lets defenders check which of those steps their own monitoring would have detected, which is where the framework earns its keep for organizations facing similar threats.

Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff.
BY HAN EUN-HWA, KIM EUN-BIN [[email protected]]
