The Yes24 logo [JOONGANG ILBO]
The Personal Information Protection Commission (PIPC) has launched an investigation into a possible data breach at online bookstore Yes24 following a ransomware attack on Monday, the PIPC said Wednesday.
Yes24 initially said that no customer data had been compromised, but the PIPC revealed that the company later reported signs of unauthorized access to user information.
Ransomware is a type of cyberattack in which hackers encrypt a server or system and demand payment in exchange for restoring access.
Yes24 notified the commission of the breach Wednesday morning, reporting that it became aware of the “ransomware attack on June 9 and discovered irregular access to member information during its response efforts,” according to the PIPC.
![A statement about a ransomeware-related data breaches released by the company [SCREEN CAPTURE]](https://i0.wp.com/koreajoongangdaily.joins.com/data/photo/2025/06/12/d906deb2-7f62-47de-b059-3dd4e467c7e1.jpg?w=1150&ssl=1)
A statement about a ransomeware-related data breaches released by the company [SCREEN CAPTURE]
The company had previously denied any evidence of a breach.
But its website has been down since Monday morning. Users have been unable to search for or purchase books, book or cancel tickets, request refunds or access e-book subscriptions.
The PIPC said it will investigate the details of the breach, the extent of the damage and whether Yes24 complied with its legal obligations to secure personal information.
If the commission finds any violations of the Personal Information Protection Act, it will take legal action.
“Given the growing number of ransomware-related data breaches, we urge all companies to inspect their services for vulnerabilities and keep security systems up to date,” a PIPC official said. “It is critical to back up key files, including member databases and store them separately to prevent data loss.”
The Korea Internet & Security Agency (KISA), meanwhile, publicly refuted Yes24’s claim that it is working closely with government officials to investigate and resolve the breach.
“KISA analysts visited Yes24 headquarters twice, on June 10 and 11, to assess the situation, but Yes24 has not cooperated with KISA’s technical support efforts,” KISA said in a press release on Wednesday. “Aside from a verbal explanation shared during our initial on-site visit on June 10, we have not confirmed any details or conducted a joint investigation with Yes24.
“We will continue to urge Yes24 to restore its services swiftly and to cooperate in determining the cause of the breach.”
Yes24 issued its second official statement on Wednesday, saying, “We reported the ransomware attack to KISA at 1 p.m. on Monday and our chief information security officer and relevant teams are doing everything they can in cooperation with KISA to analyze the cause and restore services.”
“We have confirmed that no major data has been leaked or lost and that all data remains intact,” the company said. “We completed a server backup and are proceeding with the recovery based on that.
“Yes24 operates its own information security team. Companies with internal security teams generally conduct an initial analysis before carrying out a joint review with KISA, and Yes24 is following that process.”
Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff.
BY HAN EUN-HWA,KIM EUN-BIN [[email protected]]
