The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident.
The company published a statement earlier this week saying that it recently learned that its systems had been targeted in a suspected ransomware attack.
In a subsequent update today, Kyowon confirmed the ransomware incident, disclosing that it occurred on January, around 10 a.m., and that the attacker exfiltrated customer data.
Source: BleepingComputer
Kyowon is a well-established South Korean conglomerate specializing in education and publishing, digital learning tools, hospitality, and various consumer services.
According to Korean media, there are over 9.6 million accounts registered with the company, corresponding to about 5.5 million people, who may have had their information exposed to hackers.
The same outlets report that the ransomware attack has impacted roughly 600 out of Kuowon’s 800 servers.
The cyber-incident at Kyowon became apparent due to service outages earlier this week, with the company announcing an immediate response, notifying Korea’s Internet & Security Agency (KISA), and promising to inform customers if a data leak is confirmed.
The latest announcement published on the Kyowon website earlier today confirms that some data was stolen during the attack, but there is no confirmation that customer information has been impacted.
“The KyoWon Group has confirmed the existence of an external data leak and is conducting a detailed investigation in cooperation with relevant authorities and security experts to determine whether customer information was actually included. If the leak is confirmed, the company plans to provide transparent information,” the company says in the latest update.
At the same time, the company is working to restore its online services, a process that is reportedly in its final stages.
As of this writing, no major ransomware groups have claimed the attack at Kyowon. BleepingComputer has contacted the firm to ask for more info about the attack, but we have not received a response by publication time.
The Kyowon breach is the last in a series of large-scale cyberattacks impacting South Korean companies, some of which exposed the sensitive data of large swaths of the country’s population.
In December 2025, retail giant Coupang suffered a data breach that impacted 33.7 million customers, while Korean Air, the country’s flag carrier, also disclosed a cybersecurity incident exposing its staff.
In May 2025, SK Telecom disclosed that it had suffered a malware breach since 2022, which exposed the USIM data of 27 million subscribers.
Around the same time, Dior’s Korean shop disclosed a security incident that exposed customer order information to hackers.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.