“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday.
Yes24, one of South Korea’s largest online bookstores, allegedly paid a ransom worth tens of billions of won after hackers crippled its servers with a ransomware attack. Telus International AI, a Canadian AI data platform, was fined in South Korea following a data breach that exposed the personal information of around 680,000 people worldwide. The Korea Research Foundation reported a hack that leaked data from 120,000 users of its online paper submission system. Meanwhile, over 1,000 SK Telecom customers have filed lawsuits seeking damages after a large-scale hacking incident involving the company’s USIM services.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. Korean online book giant paid ransom amid cybersecurity lapses, JTBC Says – JTBC
According to JTBC, South Korean online bookstore Yes24 paid a ransom worth tens of billions of won to hackers who had carried out a ransomware attack, encrypting the company’s servers and demanding payment to release the data.
Although Yes24 publicly claimed it was restoring its systems from backups, JTBC reports that the company did not have proper backups of critical data like payment and order records, which left it vulnerable and ultimately forced it to turn to negotiations with the attackers due to its insufficient security preparations.
- Related articles: South Korea’s leading online bookstore hit by ransomware – Daily briefing on June 10
- Related articles: YES24 cyberattack sparks outage, customer outrage, and stock plunge – Daily briefing on June 12
Following the incident, Yes24 stated it is reassessing and strengthening its security measures. However, cybersecurity experts stress that companies should never negotiate with hackers, warning that paying a ransom does not guarantee complete data recovery and could encourage further attacks.
2. Canadian firm Telus International AI fined over data breach in South Korea – Asia Business Daily
Telus International AI has been fined 82 million won (approximately $58,500) and an additional penalty of 7.2 million won (around $5,100) by South Korea’s Personal Information Protection Commission after a data breach exposed the personal information of 13,622 individuals in South Korea and about 680,000 people worldwide.
Telus, a subsidiary of a Canadian telecommunications company, operates a platform that recruits contributors to create and evaluate AI training data for corporate clients. Investigations revealed that the company neglected to check for security vulnerabilities while updating its platform, which enabled a hacker to log in as a regular user and access the entire user database without proper administrator authentication.
Furthermore, Telus failed to report the breach to authorities within the legally required 72-hour window and delayed notifying affected users individually without valid justification. The Commission emphasized that businesses handling personal data must regularly identify and address security vulnerabilities during the development and operation of their services.
3. Cyberattack on Korea’s National Research Foundation leaks personal data of 120,000 – Yonhap
The National Research Foundation of Korea (NRF), a government-funded organization that supports academic research and development across various disciplines, reported a significant data breach in its online paper submission system (jams.or.kr), resulting in the exposure of approximately 120,000 personal records. The compromised information includes names, dates of birth, contact numbers, email addresses, and account IDs.
The Daejeon Metropolitan Police Agency’s Cybercrime Investigation Unit initiated an investigation after receiving a report from the NRF on the 16th of this month. Authorities are analyzing server access logs and tracking IP addresses to identify the perpetrators behind the intrusion.
Concurrently, the Personal Information Protection Commission has launched its own inquiry to assess the breach’s scope and determine whether the NRF complied with legal obligations concerning data security and breach notifications. Although users experienced temporary access issues on the online submission system following security checks, no secondary damage has been reported so far.
4. Over 1,000 SK Telecom users sue for damages after massive USIM hacking incident – The Fact
The number of SK Telecom customers filing lawsuits over a large-scale hacking incident involving the company’s USIM (Universal Subscriber Identity Module) services has risen to 1,006, with total damages claimed amounting to approximately 622.6 million won (around $445,000). Compensation demands vary between 100,000 won (about $70) and 1 million won (around $700) per person.
- Related articles: New bill seeks stronger corporate accountability in wake of SK Telecom data leak – Daily briefing on June 12
- Related articles: SK Telecom data breach triggers mass exodus and regulatory backlash – Weekend briefing on May 23
- Related articles: SK Telecom hacking incident raises concerns over USIM security – April 23
On the 24th, the law firm Dasan filed a lawsuit at the Seoul Central District Court on behalf of 426 victims, seeking 100,000 won per person in damages. Dasan argued that SK Telecom delayed reporting the data breach beyond the legal deadline and failed to notify affected individuals directly, leaving vulnerable groups unaware of the leak. It also pointed out that the company’s measures, such as SIM card replacements and protection services, were not promptly accessible to customers in remote areas or those living overseas.
Previously, on the 13th, the law firm Daeryun filed a separate lawsuit representing 331 victims, each seeking 1 million won in compensation. Daeryun is handling a total of 580 plaintiffs, having initially filed a suit for 249 people in late May and then adding 331 more. Both law firms plan to continue identifying additional victims and submitting further legal complaints.
5. Daily briefing: From bombs to bytes – The Readable
As military tensions escalate between the United States, Iran, and Israel, cyberspace has emerged as a critical battleground alongside airstrikes and missile exchanges. In the wake of U.S. bombing raids on Iranian nuclear facilities, cybersecurity experts and federal agencies are warning of potential Iranian cyber retaliation, while pro-Iranian groups have already claimed responsibility for digital attacks. Simultaneously, Israel-linked hackers have launched aggressive cyber operations targeting Iranian financial institutions, prompting Iran to impose a near-total internet blackout. These developments underscore the growing role of cyber capabilities in modern conflict, where attacks on digital infrastructure can inflict strategic damage and psychological impact without a single shot being fired. READ MORE
Editor’s note: Each item in this briefing was initially summarized or translated by ChatGPT-4o based on the author’s specific instructions, which included news judgment, fact-checking, and thorough editing before publication.
