[Alpha Biz= Paul Lee] SEOUL, August 18, 2025 – Welcome Financial Group confirmed that one of its affiliates, Wellix F&I Loan, was recently targeted in a ransomware attack by an overseas hacking group. The company immediately activated its emergency response system and has been conducting a thorough investigation.
The group emphasized that its core network infrastructure and mission-critical systems, including those of Welcome Savings Bank, were not affected, and there is no evidence of intrusion into key servers across its main subsidiaries.
A Russian-linked hacker group has claimed responsibility via the dark web, alleging it had gained access to sensitive customer databases. However, Welcome Financial Group clarified that the leaked documents under review are not customer information, but rather appear to be internal materials such as meeting documents and approval forms.
A spokesperson stated, “The incident originated from a limited number of personal PCs at certain affiliates. Immediate containment and recovery measures were implemented, and additional security checks are underway. We have already restored part of the affected systems and continue to strengthen safeguards to prevent further risks.”
Welcome Financial Group continues to cooperate with security experts and relevant authorities while reinforcing its cybersecurity and monitoring systems.
Alphabiz Reporter Paul Lee(hoondork1977@alphabiz.co.kr)
