A breach every month raises doubts about South Korea’s digital defenses

South Korea is world-famous for its blazing-fast web, near-universal broadband protection, and as a frontrunner in digital innovation, internet hosting international tech manufacturers like Hyundai, LG, and Samsung. However this very success has made the nation a primary goal for hackers and uncovered how fragile its cybersecurity defenses stay.  

The nation is reeling from a string of high-profile hacks, affecting bank card corporations, and telecoms to tech startups and authorities companies, affecting huge swathes of the South Korean inhabitants. In every case, ministries and regulators appeared to scramble in parallel, typically deferring to 1 one other slightly than transferring in unison. 

Critics argue that South Korea’s cyber defenses are hindered by a fragmented system of presidency ministries and companies, typically leading to gradual and uncoordinated responses, per local media reports. 

With no clear government agency acting as ‘first responder’ following a cyberattack, the nation’s cyber defenses are struggling to maintain tempo with its digital ambitions. 

“The federal government’s method to cybersecurity stays largely reactive, treating it as a disaster administration situation slightly than as important nationwide infrastructure,” Brian Pak, the chief govt of Seoul-based cybersecurity agency Theori, advised TechCrunch.  

Pak, who additionally serves as an advisor to SK Telecom’s mum or dad firm’s particular committee on cybersecurity improvements, advised TechCrunch that as a result of authorities companies tasked with cybersecurity work in silos, growing digital defenses and coaching expert employees typically get neglected. 

The nation can also be dealing with a extreme scarcity of expert cybersecurity consultants.  

“[That’s] primarily as a result of the present method has held again workforce improvement. This lack of expertise creates a vicious cycle. With out sufficient experience, it’s unimaginable to construct and preserve the proactive defenses wanted to remain forward of threats,” Pak continued.  

Political impasse has fostered a behavior of searching for fast, apparent “fast fixes” after every disaster, mentioned Pak, all of the whereas the tougher, long-term work of constructing digital resilience continues to be sidelined. 

This yr alone, there was a serious cybersecurity incident in South Korea each month, additional mounting issues over the resilience of South Korea’s digital infrastructure.  

January 2025 

• GS Retail, the operator of comfort shops and grocery markets throughout South Korea, confirmed an information breach that uncovered the non-public particulars of about 90,000 prospects after its web site was attacked between December 27 and January 4. The stolen data included names, start dates, contact particulars, addresses, and electronic mail addresses. 

February 2025 

April and Could 2025 

• South Korea’s part-time job platform Albamon was hit by a hacking attack on April 30. The breach uncovered the resumes of greater than 20,000 customers, together with names, telephone numbers, and electronic mail addresses.
• In April, South Korea’s telecom big SK Telecom was hit by a major cyberattack. Hackers stole the non-public information of about 23 million prospects—practically half the nation’s inhabitants. A lot of the aftermath of the cyberattack lasted by Could, wherein thousands and thousands of consumers had been provided a brand new SIM card following the breach. 

June 2025  

• Yes24, South Korea’s on-line ticketing and retail platform, was hit by a ransomware attack on June 9, which knocked its companies offline. The disruption lasted for about 4 days, with the corporate again on-line by mid-June. 

July 2025 

August 2025

• Sure 24 faced a second ransomware attack in August 2025, which took its web site and companies offline for a couple of hours. 
• Hackers broke right into a South Korean monetary companies firm Lotte Card, which points credit score and debit playing cards between July 22 and August. The breach uncovered round 200GB of information and is believed to have affected roughly 3 million customers. The breach remained unnoticed for about 17 days, till the corporate found it on August 31. 
• Welcom Monetary: In August 2025, Welrix F&I, a lending arm of Welcome Monetary Group, was hit by a ransomware attack. A Russian-linked hacking group claimed it stole over a terabyte of inside recordsdata, together with delicate buyer information, and even leaked samples on the darkish internet.
• North Korea–linked hackers, believed to be the Kimsuky group, have been spying on international embassies in South Korea for months by disguising their assaults as routine diplomatic emails. In keeping with Trellix, the marketing campaign has been lively since March and has targeted at least 19 embassies and foreign ministries in South Korea. 

September 2025  

• A North Korea–backed hacking group, Kimsuky, used AI-generated deepfake photos in a July spear-phishing try towards a South Korean army group, in keeping with Genians Safety Middle. The group has additionally focused different South Korean establishments.
• KT, considered one of South Korea’s greatest telecom operators, has reported a cyber breach that uncovered subscriber information from greater than 5,500 prospects. The assault was linked to unlawful “pretend base stations” that tapped into KT’s community, enabling hackers to intercept cell visitors, steal data like IMSI, IMEI, and telephone numbers, and even make unauthorized micro-payments. 

In mild of the latest surge in hacking incidents, the South Korean Presidential Workplace’s Nationwide Safety is stepping in to tighten defenses, pushing for a cross-ministerial effort that brings multiple agencies together in a coordinated, whole-of-government response.  

In September 2025, the Nationwide Safety Workplace introduced that it might implement “comprehensive” cyber measures by an interagency plan, led by the South Korean President’s workplace. Regulators additionally signaled a authorized change giving the federal government energy to launch probes at the first sign of hacking — even if companies haven’t filed a report. Each steps purpose to handle the dearth of a primary responder that has lengthy hindered South Korea’s cyber defenses. 

However South Korea’s fragmented system leaves accountability weak, putting all authority in a presidential ‘management tower’ might danger ‘politicization’ and overreach, in keeping with Pak.  

A greater path could also be steadiness: a central physique to set technique and coordinate crises, paired with impartial oversight to maintain energy in test. In a hybrid mannequin, professional companies like KISA would nonetheless deal with the technical work — simply with extra easy guidelines and accountability, Pak advised TechCrunch.  

When reached for remark, a spokesperson for the South Korea’s Ministry of Science in ICT mentioned the ministry, with KISA and different related companies, is “dedicated to addressing more and more refined and superior cyber threats.”  

“We proceed to work diligently to reduce potential hurt to Korean companies and most people,” the spokesperson added.