The Personal Information Protection Commission launched an investigation on the 11th after receiving a report of a data breach from the online bookstore YES24.
According to the Personal Information Protection Commission, YES24 explained that it had detected abnormal member information inquiries during the response process after recognizing a ransomware attack on the 9th through a report submitted that morning. Ransomware is a hacking method that encrypts computer systems or data and demands money. Currently, all services at YES24, including book searches, orders, and ticket reservations, are suspended.
Previously, YES24 stated in an announcement on its website and application that 'the current connection error occurred due to a disruption caused by ransomware starting around 4 a.m. on Monday, June 9, and recovery efforts are underway,' adding that 'the internal investigation found no evidence of data leakage.'
The Personal Information Protection Commission plans to verify the specific circumstances of the data breach, the scale of damage, and compliance with safety measures, and will take action according to the Personal Information Protection Act. It is also reported that the legality of the breach reporting procedure will be verified. Under relevant laws, all personal information handlers must report breaches to the Personal Information Protection Commission within 72 hours of becoming aware of the breach.