A breach every month raises doubts about South Korea’s digital defenses

South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and arsenic a person successful integer innovation, hosting planetary tech brands similar Hyundai, LG, and Samsung. But this precise occurrence has made the state a premier people for hackers and exposed however fragile its cybersecurity defenses remain.  

The state is reeling from a drawstring of high-profile hacks, affecting recognition paper companies, and telecoms to tech startups and authorities agencies, affecting immense swathes of the South Korean population. In each case, ministries and regulators appeared to scramble successful parallel, sometimes deferring to 1 different alternatively than moving successful unison. 

Critics reason that South Korea’s cyber defenses are hindered by a fragmented strategy of authorities ministries and agencies, often resulting successful dilatory and uncoordinated responses, per section media reports. 

With no wide authorities bureau acting arsenic ‘first responder’ pursuing a cyberattack, the country’s cyber defenses are struggling to support gait with its integer ambitions. 

“The government’s attack to cybersecurity remains mostly reactive, treating it arsenic a situation absorption contented alternatively than arsenic captious nationalist infrastructure,” Brian Pak, the main enforcement of Seoul-based cybersecurity steadfast Theori, told TechCrunch.  

Pak, who besides serves arsenic an advisor to SK Telecom’s genitor company’s peculiar committee connected cybersecurity innovations, told TechCrunch that due to the fact that authorities agencies tasked with cybersecurity enactment successful silos, processing integer defenses and grooming skilled workers often get overlooked. 

The state is besides facing a terrible shortage of skilled cybersecurity experts.  

“[That’s] chiefly due to the fact that the existent attack has held backmost workforce development. This deficiency of endowment creates a vicious cycle. Without capable expertise, it’s intolerable to physique and support the proactive defenses needed to enactment up of threats,” Pak continued.  

Political deadlock has fostered a wont of seeking quick, evident “quick fixes” aft each crisis, said Pak, each the portion the much challenging, semipermanent enactment of gathering integer resilience continues to beryllium sidelined. 

This twelvemonth alone, determination has been a large cybersecurity incidental successful South Korea each month, further mounting concerns implicit the resilience of South Korea’s integer infrastructure.  

January 2025 

• GS Retail, the relation of convenience stores and market markets crossed South Korea, confirmed a information breach that exposed the idiosyncratic details of astir 90,000 customers aft its website was attacked betwixt December 27 and January 4. The stolen accusation included names, commencement dates, interaction details, addresses, and email addresses. 

February 2025 

• Wemix, the blockchain limb of Korean gaming institution Wemade, was deed by a $6.2 cardinal hack connected February 28, but investors didn’t perceive astir it until March 4. 

April and May 2025 

• South Korea’s part-time occupation level Albamon was deed by a hacking onslaught connected April 30. The breach exposed the resumes of much than 20,000 users, including names, telephone numbers, and email addresses.
• In April, South Korea’s telecom elephantine SK Telecom was deed by a large cyberattack. Hackers stole the idiosyncratic information of astir 23 cardinal customers—nearly fractional the country’s population. Much of the aftermath of the cyberattack lasted done May, successful which millions of customers were offered a caller SIM paper pursuing the breach. 

June 2025  

• Yes24, South Korea’s online ticketing and retail platform, was deed by a ransomware onslaught connected June 9, which knocked its services offline. The disruption lasted for astir 4 days, with the institution backmost online by mid-June. 

July 2025 

• In July, the North Korea–linked Kimsuky radical launched a cyberattack connected South Korean organizations, including a defense-related institution, this clip utilizing AI-generated deepfake images.
• Seoul Guarantee Insurance (SGI), a Korean fiscal institution, was hit by a ransomware onslaught astir July 14, which disrupted its halfway systems. The incidental knocked cardinal services offline, including the issuing and verification of guarantees, leaving customers successful limbo. 

August 2025

• Yes 24 faced a 2nd ransomware onslaught successful August 2025, which took its website and services offline for a fewer hours. 
• Hackers broke into a South Korean fiscal services institution Lotte Card, which issues recognition and debit cards betwixt July 22 and August. The breach exposed astir 200GB of information and is believed to person affected astir 3 cardinal customers. The breach remained unnoticed for astir 17 days, until the institution discovered it connected August 31. 
• Welcom Financial: In August 2025, Welrix F&I, a lending limb of Welcome Financial Group, was deed by a ransomware attack. A Russian-linked hacking radical claimed it stole implicit a terabyte of interior files, including delicate lawsuit data, and adjacent leaked samples connected the acheronian web.
• North Korea–linked hackers, believed to beryllium the Kimsuky group, person been spying connected overseas embassies successful South Korea for months by disguising their attacks arsenic regular diplomatic emails. According to Trellix, the run has been progressive since March and has targeted astatine slightest 19 embassies and overseas ministries successful South Korea. 

September 2025  

• A North Korea–backed hacking group, Kimsuky, utilized AI-generated deepfake images successful a July spear-phishing effort against a South Korean subject organization, according to Genians Security Center. The radical has besides targeted different South Korean institutions.
• KT, 1 of South Korea’s biggest telecom operators, has reported a cyber breach that exposed subscriber information from much than 5,500 customers. The onslaught was linked to amerciable “fake basal stations” that tapped into KT’s network, enabling hackers to intercept mobile traffic, bargain accusation similar IMSI, IMEI, and telephone numbers, and adjacent marque unauthorized micro-payments. 

In airy of the caller surge successful hacking incidents, the South Korean Presidential Office’s National Security is stepping successful to tighten defenses, pushing for a cross-ministerial effort that brings aggregate agencies unneurotic successful a coordinated, whole-of-government response.  

In September 2025, the National Security Office announced that it would instrumentality “comprehensive” cyber measures done an interagency plan, led by the South Korean President’s office. Regulators besides signaled a ineligible alteration giving the authorities powerfulness to motorboat probes at the archetypal motion of hacking — adjacent if companies haven’t filed a report. Both steps purpose to code the deficiency of a archetypal responder that has agelong hindered South Korea’s cyber defenses. 

But South Korea’s fragmented strategy leaves accountability weak, placing each authorization successful a statesmanlike ‘control tower’ could hazard ‘politicization’ and overreach, according to Pak.  

A amended way whitethorn beryllium balance: a cardinal assemblage to acceptable strategy and coordinate crises, paired with autarkic oversight to support powerfulness successful check. In a hybrid model, adept agencies like KISA would inactive grip the method enactment — conscionable with much straightforward rules and accountability, Pak told TechCrunch.  

When reached for comment, a spokesperson for the South Korea’s Ministry of Science successful ICT said the ministry, with KISA and different applicable agencies, is “committed to addressing progressively blase and precocious cyber threats.”  

“We proceed to enactment diligently to minimize imaginable harm to Korean businesses and the wide public,” the spokesperson added.