 |
Photo courtesy of Yonhap News |
[Alpha Biz= Kim Jisun] South Korean authorities have launched an investigation into a possible connection between North Korean hacking groups and a recent data breach involving employee information at Shinsegae Group, according to security industry sources and law enforcement officials.
On February 4, cybersecurity experts and investigators said police and intelligence authorities identified indications of a potential North Korean link while probing the hacking incident that occurred in December last year. Authorities are reportedly analyzing server routing paths and intrusion techniques used in the attack to determine whether it was conducted by North Korea–affiliated actors.
An official at the National Intelligence Service (NIS) said, “We identified signs of hacking affecting the company in December last year and notified the company at the time. The police are currently investigating the matter.”
The incident came to light after Shinsegae Group’s internal systems were compromised in a cyberattack. The company disclosed that it had detected unauthorized access to its internal intranet using a variant of malicious code in December. A preliminary internal assessment estimated that personal information of approximately 80,000 employees may have been exposed.
According to Shinsegae Group, the breach was discovered on December 24 during a routine inspection of its intranet systems. The leaked information reportedly included employee identification numbers, departmental affiliations, and similar internal data, affecting both group employees and 일부 partner companies.
Shinsegae I&C, the group’s IT services subsidiary, determined at the time that the incident was likely caused by external unauthorized access resulting from malware infection, and initiated a detailed investigation to establish the full facts.
Unauthorized access refers to any act in which an entity gains entry to systems or data without proper authorization or beyond permitted access rights, regardless of the identity of the intruder.
Security authorities are also examining the possibility that the incident may have involved broader risks beyond personal data leakage. Given the interconnected nature of the retail and logistics industry—where systems are often linked with numerous partner companies—officials warn that the breach could potentially evolve into a wider supply chain security issue.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
