Media365
Seoul: South Korean cybersecurity authorities estimate that around 9.6 million accounts may have been affected by a recent cyberattack at Kyowon Group, a local education service provider, informed sources said on Wednesday.
The estimate by a government investigation team that includes the Korea Internet & Security Agency comes after Kyowon Group reported a possible breach on Monday, saying it had detected traces of a ransomware attack, reports Yonhap news agency.
Kyowon said it became aware of abnormal activities in its internal system Saturday and later identified a possible data breach. The authorities estimate that 600 of the company’s 800 servers fall within the scope of the breach.
Add Zee News as a Preferred Source
The investigation team estimates Kyowon Group’s eight affiliates held 13 million members in total, a figure that narrows to 5.54 million after removing overlaps. The 9.6-million estimate counts users holding more than one account.
As Kyowon Group operates a wide range of businesses, including tutoring, home appliance rentals and funeral services, experts said the number of victims could be substantial. Kyowon Group has yet to confirm whether its members’ personal data was actually leaked.
“We have identified indications of a possible data leak, and an investigation is under way with relevant organisations and security institutions to determine whether consumers’ data was actually breached,” Kyowon Group said in a release.
“If customer data is confirmed to have been leaked, we will notify users in a transparent manner,” the company added. Meanwhile, more than 150,000 customers of KT Corp., South Korea’s second-largest mobile carrier, have left the company for a different service provider after KT began waiving early termination fees following a major data breach, industry sources said last week.
According to the sources, 154,851 KT users switched to rival carriers between Dec. 31 and Thursday, averaging more than 17,000 departures per day.SK Telecom, the country’s largest carrier, which implemented a similar penalty waiver in July after a large-scale data leak, lost about 160,000 users following its own incident.
