29/69 Friday, January 16, 2026
Kyowon Group, a major South Korean conglomerate, has confirmed that it detected a cyberattack that disrupted its operations and resulted in data being stolen from its systems. The company stated that the incident, identified as a ransomware attack, was discovered in early January, during which threat actors were able to exfiltrate data. Kyowon operates across multiple sectors in South Korea, including education and publishing, digital learning platforms, hospitality, and various consumer services. According to local media reports, the company has more than 9.6 million registered user accounts, representing approximately 5.5 million individuals, raising concerns that customer data may have been affected. The attack is also reported to have impacted around 600 of Kyowon’s approximately 800 servers.
Kyowon noted that service disruptions became apparent over the past week, prompting an immediate incident response. The company notified the Korea Internet & Security Agency (KISA) and stated that it would directly inform customers if a confirmed personal data breach is identified. Kyowon has since acknowledged that data was indeed taken from its systems, but investigations are still ongoing to determine whether customer information was included in the exfiltrated data.
The company is currently conducting a joint investigation with relevant authorities and cybersecurity experts and has pledged to disclose information transparently should customer data be confirmed as compromised. Kyowon is also in the process of restoring its online systems, which are reportedly nearing full recovery. As of now, no ransomware group has publicly claimed responsibility for the attack.
