South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and its status as a leader in digital innovation. The country is home to global tech brands like Hyundai, LG, and Samsung. However, this very success has made it a prime target for hackers and exposed how fragile its cybersecurity defenses remain.
The country is reeling from a string of high-profile hacks that have affected credit card companies, telecoms, tech startups, and government agencies. These incidents have impacted vast segments of the South Korean population. In each case, ministries and regulators appeared to scramble in parallel, sometimes deferring to one another rather than moving in unison.
Critics argue that South Korea’s cyber defenses are hindered by a fragmented system of government ministries and agencies. This structure often results in slow and uncoordinated responses. With no clear government agency acting as a first responder following a cyberattack, the country’s cyber defenses are struggling to keep pace with its digital ambitions.
According to Brian Pak, the chief executive of Seoul-based cybersecurity firm Theori, the government’s approach to cybersecurity remains largely reactive. He states it is treated as a crisis management issue rather than as critical national infrastructure. Pak, who also serves as an advisor to SK Telecom’s parent company’s special committee on cybersecurity innovations, explained that because government agencies work in silos, developing digital defenses and training skilled workers often get overlooked.
The country is also facing a severe shortage of skilled cybersecurity experts. Pak said this is mainly because the current approach has held back workforce development. He explained that this lack of talent creates a vicious cycle, as without enough expertise it is impossible to build and maintain the proactive defenses needed to stay ahead of threats.
Pak also noted that political deadlock has fostered a habit of seeking quick, obvious fixes after each crisis. Meanwhile, the more challenging, long-term work of building digital resilience continues to be sidelined.
This year alone, there has been a major cybersecurity incident in South Korea every month, further mounting concerns over the resilience of the nation’s digital infrastructure.
In January 2025, GS Retail confirmed a data breach that exposed the personal details of about 90,000 customers. The stolen information included names, birth dates, contact details, addresses, and email addresses.
In February, the blockchain arm of Korean gaming company Wemade, Wemix, was hit by a 6.2 million dollar hack. Investors did not hear about the incident until several days later.
In April and May, South Korea’s part-time job platform Albamon was hit by a hacking attack. The breach exposed the resumes of more than 20,000 users. Also in April, telecom giant SK Telecom was hit by a major cyberattack where hackers stole the personal data of about 23 million customers, nearly half the country’s population. The aftermath lasted through May, with millions of customers offered a new SIM card.
In June, South Korea’s online ticketing and retail platform Yes24 was hit by a ransomware attack which knocked its services offline for about four days.
In July, the North Korea-linked Kimsuky group launched a cyberattack on South Korean organizations, including a defense-related institution, using AI-generated deepfake images. Also in July, the financial institution Seoul Guarantee Insurance was hit by a ransomware attack that disrupted its core systems and knocked key services offline.
In August, Yes24 faced a second ransomware attack which took its website and services offline for a few hours. Hackers also broke into the financial services company Lotte Card between July and August. The breach exposed around 200 gigabytes of data and is believed to have affected roughly 3 million customers. The breach remained unnoticed for approximately 17 days. Also in August, the lending arm of Welcome Financial Group was hit by a ransomware attack. A Russian-linked hacking group claimed it stole over a terabyte of internal files, including sensitive customer data. Furthermore, North Korea-linked hackers were discovered to have been spying on foreign embassies in South Korea for months by disguising their attacks as routine diplomatic emails.
In September, it was reported that the North Korea-backed hacking group Kimsuky used AI-generated deepfake images in a July spear-phishing attempt against a South Korean military organization. Also in September, telecom operator KT reported a cyber breach that exposed subscriber data from more than 5,500 customers. The attack was linked to illegal fake base stations that tapped into its network.
In light of the recent surge in hacking incidents, the South Korean Presidential Office’s National Security office is stepping in to tighten defenses. It is pushing for a cross-ministerial effort that brings multiple agencies together in a coordinated, whole-of-government response. In September 2025, the National Security Office announced it would implement comprehensive cyber measures through an interagency plan led by the president’s office. Regulators also signaled a legal change giving the government power to launch probes at the first sign of hacking, even if companies have not filed a report. Both steps aim to address the lack of a first responder.
However, South Korea’s fragmented system leaves accountability weak. Placing all authority in a presidential control tower could risk politicization and overreach. A better path may be a balance: a central body to set strategy and coordinate crises, paired with independent oversight to keep power in check. In such a hybrid model, expert agencies would still handle the technical work, just with more straightforward rules and accountability.
When reached for comment, a spokesperson for South Korea’s Ministry of Science and ICT said the ministry, along with other relevant agencies, is committed to addressing increasingly sophisticated and advanced cyber threats. The spokesperson added that they continue to work diligently to minimize potential harm to Korean businesses and the general public.