A security incident occurring each month casts uncertainty on the strength of South Korea’s online protections

South Korea is renowned for its ultra-fast internet, widespread broadband access, and its reputation as a digital trailblazer, home to major technology giants such as Hyundai, LG, and Samsung. However, this technological advancement has also made the nation an attractive target for cybercriminals, revealing significant weaknesses in its cybersecurity infrastructure.  

Recently, the country has been shaken by a series of major cyberattacks, impacting credit card providers, telecommunications firms, tech startups, and government bodies, affecting millions across South Korea. In each instance, government departments and regulators seemed to react independently, sometimes passing responsibility rather than acting together. 

According to local media, critics say South Korea’s cyber protection is hampered by a patchwork of ministries and agencies, often leading to delayed and disjointed actions. 

Without a single government body designated as the primary responder to cyber incidents, the nation’s digital security efforts are struggling to keep up with its technological progress. 

“The government still treats cybersecurity as a reactive issue, focusing on crisis management instead of recognizing it as essential national infrastructure,” said Brian Pak, CEO of Seoul-based cybersecurity company Theori, in an interview with TechCrunch.  

Pak, who also advises SK Telecom’s parent company’s cybersecurity innovation committee, explained to TechCrunch that government agencies responsible for cybersecurity often work in isolation, which means building robust defenses and training professionals is frequently neglected. 

South Korea is also grappling with a significant lack of qualified cybersecurity professionals.  

“This is largely due to the current approach, which has stifled the development of the cybersecurity workforce. The shortage of talent creates a negative cycle—without enough experts, it’s impossible to establish and maintain proactive defenses to counter threats,” Pak added.  

Pak noted that political gridlock has led to a pattern of seeking immediate, superficial solutions after each incident, while the more difficult, long-term work of strengthening digital resilience is continually overlooked. 

In 2025 alone, South Korea has experienced a major cyber incident nearly every month, intensifying worries about the strength of its digital infrastructure.  

January 2025 

• GS Retail, which operates convenience stores and supermarkets nationwide, reported a data breach that compromised the personal information of approximately 90,000 customers after its website was attacked between December 27 and January 4. The stolen data included names, dates of birth, contact information, addresses, and email addresses. 

February 2025 

• Wemix, the blockchain division of Korean gaming firm Wemade, suffered a $6.2 million cyber theft on February 28 , but investors were only informed on March 4. 

April and May 2025 

• On April 30, Albamon, a South Korean part-time job platform, was breached, exposing the resumes of over 20,000 users, including their names, phone numbers, and email addresses.
• In April, SK Telecom, a leading telecom provider, experienced a significant cyberattack. Hackers accessed the personal details of about 23 million users—almost half the nation’s population. The fallout continued into May, with millions of customers being offered replacement SIM cards. 

June 2025  

• On June 9, Yes24, a major online ticketing and retail site, was hit by a ransomware attack that took its services offline for roughly four days, with operations resuming by mid-June. 

July 2025 

• In July, the Kimsuky group, linked to North Korea, targeted South Korean organizations—including a defense-related entity—using AI-generated deepfake images in their cyberattack.
• Seoul Guarantee Insurance (SGI), a financial services provider, was struck by ransomware around July 14, disrupting its main systems. The attack rendered essential services, such as issuing and verifying guarantees, temporarily unavailable, leaving customers unable to access them. 

August 2025

• Yes24 suffered a second ransomware incident in August 2025, which caused its website and services to go offline for several hours. 
• Hackers infiltrated Lotte Card, a South Korean credit and debit card issuer, between July 22 and August. The breach resulted in the theft of around 200GB of data and is estimated to have affected about 3 million customers. The intrusion went undetected for about 17 days, until it was discovered on August 31. 
• Welcome Financial: In August 2025, Welrix F&I, a lending subsidiary of Welcome Financial Group, was targeted by ransomware. A hacking group with Russian ties claimed responsibility, stating they stole over a terabyte of internal documents, including sensitive customer information, and released samples on the dark web.
• Hackers believed to be from the North Korea-linked Kimsuky group have been conducting espionage against foreign embassies in South Korea for months, disguising their attacks as routine diplomatic emails. Trellix reports that this campaign has been ongoing since March and has targeted at least 19 embassies and foreign ministries in the country. 

September 2025  

• The Kimsuky group, backed by North Korea, used AI-generated deepfake images in a spear-phishing attack against a South Korean military organization in July, according to Genians Security Center. The group has also targeted other institutions in the country.
• KT, one of the largest telecom companies in South Korea, reported a cyber incident that exposed data from over 5,500 subscribers. The breach was linked to illegal “fake base stations” that accessed KT’s network, allowing hackers to intercept mobile traffic, steal information such as IMSI, IMEI, and phone numbers, and even carry out unauthorized micro-payments. 

Following the recent spike in cyberattacks, the National Security Office under the South Korean Presidential Office is stepping up efforts to strengthen defenses, advocating for a coordinated, cross-agency response involving multiple government bodies.  

In September 2025, the National Security Office revealed plans to roll out “comprehensive” cybersecurity initiatives through an interagency strategy led by the president’s office. Regulators also indicated that new laws would allow the government to launch investigations at the earliest sign of a cyberattack—even if companies have not yet reported the incident. These measures are intended to resolve the long-standing issue of lacking a clear first responder in South Korea’s cybersecurity framework. 

However, Pak warns that the country’s fragmented structure weakens accountability, and concentrating all authority in a presidential “control tower” could lead to political interference and excessive power.  

A more effective solution, Pak suggests, would be a balanced approach: a central authority to set strategy and manage crises, combined with independent oversight to prevent abuse of power. In this hybrid model, specialized agencies like KISA would still handle technical operations, but with clearer rules and greater accountability, Pak told TechCrunch.  

When asked for comment, a spokesperson from South Korea’s Ministry of Science and ICT stated that the ministry, together with KISA and other relevant bodies, is “dedicated to tackling increasingly complex and advanced cyber threats.”  

“We remain committed to minimizing any potential risks to Korean businesses and the public,” the spokesperson said.