A ransomware attack on one of South Korea’s largest ticketing platforms and online book retailers has disrupted the country’s entertainment industry — forcing event cancellations and postponements as organizers scramble to manage the ongoing service outage, according to local media reports.
The attack on Yes24, which struck early on Monday, has left the company’s website and services offline for four consecutive days, crippling online bookings for concerts, e-book access and community forums. The company said it aims to restore full operations by June 15.
South Korea’s privacy watchdog, the Personal Information Protection Commission, has launched an investigation into the incident, which may have exposed customer data. Authorities said they would examine whether Yes24 met its legal obligations under the country’s data privacy laws.
According to local media reports, the Yes24 outage has triggered a cascade of disruptions. Presales and events for K-pop stars and actors — including Park Bo-gum, Enhypen, Ateez and rapper B.I — have been postponed or canceled.
Producers of musicals such as “The Bridges of Madison County” and “Aladdin” are now asking audience members to present printed or emailed reservations to be admitted. Several attendees were reportedly turned away earlier this week after failing to provide verifiable ticket details.
Yes24 said in a statement on Wednesday that it had regained control of its administrator account and is working to restore other services. The threat actor behind the attack remains unknown.
The company said it has not yet confirmed any external leakage of personal information but reported suspicious activity involving unauthorized access to customer data to South Korea’s data privacy agency.
“If the additional investigation confirms that personal information has been leaked, we will immediately notify you,” Yes24 said in a notice posted on its website.
Ticketing platforms are attractive targets for cybercriminals because they store large volumes of personal data, process high volumes of payments and face strong pressure to pay ransoms quickly to avoid disruptions to events and reputational damage.
In the U.S. the hackers previously targeted platforms StubHub and Ticketmaster, particularly to disrupt ticket sales for Taylor Swift’s Eras Tour concert.
Recorded Future
Intelligence Cloud.
Learn more.
