Hackers breached Hanatour, South Korea's largest travel agency, this month and stole the personal data of more than one million customers. The information included names, phone numbers, social securit
Hackers breached Hanatour, South Korea's largest travel agency, this month and stole the personal data of more than one million customers. The information included names, phone numbers, social security numbers, home addresses, and email addresses.
The hackers used phishing messages and malware to compromise employee computers, gaining access to Hanatour's customer databases. The group then demanded a Bitcoin ransom, with the amount remaining undisclosed. Hanatour notified affected customers and announced it would partner with government agencies and security firms to investigate.
Hanatour holds South Korea's dominant position in travel, measured by revenue, customer base, and reputation. Since 2007, the company has expanded into new international markets, establishing offices in Japan and China. South Korean law enforcement is investigating the incident. Given that authorities suspect North Korean involvement, they doubt Hanatour will pay the ransom demand. However, the hackers could post the stolen data for sale on dark web marketplaces, a tactic other groups have used.
Another major South Korean company, Bithumb, experienced a similar breach. Hackers targeted employee computers with deceptive emails and malicious software to access Bithumb's systems. The Seoul Central Prosecutor's Office for Advanced Criminal Investigation and the Seoul Metropolitan Police Agency's Department of Cybercrime suspect a North Korean hacking group launched both attacks. North Korean hackers have demanded Bitcoin payments in exchange for stolen data on previous occasions.
FireEye, a security research firm, said: "In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation state activities."
The Hanatour breach stands as the largest cyber attack targeting a travel agency in South Korea and possibly the nation's largest Bitcoin ransom-demanding hack.
