Yes24 admits to ransomware hack with book, ticket platform down for 2 days

Yes24, one of Korea’s largest online bookstores and ticketing platforms, has been offline for two consecutive days following a ransomware attack, which is having a particularly severe impact on events with tickets bookable through the company.

Yes24, one of Korea’s largest online bookstores and ticketing platforms, has been offline for two consecutive days following a ransomware attack. While the company promptly reported the incident to authorities, it did not inform users about the breach until 36 hours later.

Ransomware refers to a type of cyberattack in which hackers encrypt the victim's data and demand payment in exchange for its release.

In a statement issued at 4 p.m. on Tuesday, Yes24 acknowledged that the disruption was due to a ransomware attack that began around 4 a.m. on Monday. According to the company, all of its services — including book sales, ticketing, e-books, digital library services and the Sarak content platform — have been rendered inaccessible.

Addressing concerns about potential data leaks, Yes24 said, “We have confirmed that no personal data has been leaked or lost. All order and transaction data remains intact.”

According to Rep. Choi Su-jin of the People Power Party, who sits on the National Assembly’s Science, ICT, Broadcasting and Communications Committee, Yes24 initially informed the Korea Internet and Security Agency (KISA) immediately after the attack.

However, on its website, it merely cited “system maintenance” or “system failure” until it issued a full statement later. Responding to criticism that it did not consent to technical support from KISA, a Yes24 representative said, “To our understanding, companies with in-house security teams are not required to do so.”

A concept depicting a data leak [GETTY IMAGES]

The incident has already affected several live events. Producers of musicals such as "Bare the Musical," "Gutenberg" and "The Bridges of Madison County" — which use Yes24’s ticketing platform — posted on social media Tuesday evening asking attendees to bring booking confirmation emails or printed tickets.

They added, “Entry will proceed as normal if seat information can be confirmed. Otherwise, entry may be restricted depending on the situation at the venue.”

K-pop boy band Enhypen canceled applications for its fan signing event, originally scheduled to remain open through Yes24 from June 7 to 9.

Yes24 said it is preparing compensation plans for affected users and partners. “We will notify everyone of detailed compensation according to the scope of the damage, once services are restored,” the company said.

The Korean publishing industry faced a similar cyber incident in 2023, when rival online bookstore Aladin was hacked. That breach resulted in the leak of approximately 720,000 e-books, with 5,000 of them illegally circulated. Compensation for copyright damages followed.

Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff. BY LEE HOO-NAM [yoon.soyeon@joongang.co.kr]