Korean police have launched an investigation after confirming that the personal information of more than 100,000 customers was leaked from a golf course in Gapyeong, Gyeonggi Province. Authorities are pursuing the case on the possibility that a North Korean hacking group was behind the breach.
According to the Korean National Police Agency on Wednesday, the agency’s Security Investigation Command Division is investigating the hacking of the website of Lee & Lee Country Club (Lee & Lee CC) in Gapyeong. Police identified signs of the hacking while tracking a North Korean hacker group and notified the company on the 17th.
Lee & Lee CC informed customers of the data breach the following day, on the 18th, through a notice on its website and text messages. The scale of the leak is estimated at more than 100,000 people.
The leaked information was found to include up to nine categories: name, date of birth, gender, user ID, password, mobile phone number, landline phone number, email, and address. However, for those who registered after the login system was changed on February 15, 2023, six categories were leaked, excluding user ID, password, and landline phone number.
Police believe the golf course’s server was infected with malware distributed by a hacking group. Lee & Lee CC also said, “It was confirmed that personal information was leaked after malware was inserted into our website.” The company added, “The malware in question was immediately deleted by police, and additional follow-up measures are underway.”
Investigative authorities are giving weight to the possibility that the incident is linked to a hacker group under North Korea’s Reconnaissance General Bureau. According to the Defense White Paper, as of 2024, hacking personnel under North Korea’s Supreme Command and State Affairs Commission are estimated to number about 8,400. A police official said, “We are closely examining the circumstances of the hacking, including whether a North Korean organization was involved.”
Personal information leak incidents have been surging recently. According to the Personal Information Protection Commission, related fines soared from 1.5 billion won in 2021 to 14.8 billion won in 2023 and 157.9 billion won ($110 million) in 2024. Previously, matchmaking company Duo was fined 1.197 billion won over a data breach affecting approximately 430,000 people.
Click Here For The Original Source.
