Islamuddin Sajid
14 January 2026•Update: 14 January 2026
ISTANBUL
South Korean cybersecurity authorities are investigating a major suspected data breach at the Kyowon Group, estimating 9.6 million user accounts may have been affected by a recent cyberattack, media reports said Wednesday.
The estimate, made by a government-led investigation team that includes the Korea Internet & Security Agency, follows the Kyowon Group’s report earlier this week that it had detected signs of a ransomware attack on its internal systems, according to Yonhap News.
Kyowon Group, one of South Korea’s largest education and lifestyle companies, said it first noticed abnormal activity Saturday and later identified indications of a possible data breach.
Investigators said roughly 600 of Kyowon’s 800 servers are believed to fall within the scope of the breach.
Across its eight affiliates, Kyowon Group holds records for about 13 million members. After removing overlapping users, authorities calculate 5.54 million unique individuals, while the broader estimate of 9.6 million reflects users with multiple accounts.
Kyowon Group operates a wide range of businesses, including tutoring, home appliance rentals and funeral services.
But the company has not confirmed whether personal data was leaked.
"We have identified indications of a possible data leak, and an investigation is under way with relevant organizations and security institutions to determine whether consumers' data was actually breached," Kyowon Group said in a statement. "If customer data is confirmed to have been leaked, we will notify users in a transparent manner.”
Last year, several South Korean companies suffered cyberattacks that breached the personal data of millions of users.
