Home > Business > Industry

Welcome Financial Group lending unit suffers ransomware attack, internal documents exposed

Published: 18 Aug. 2025, 22:06

The Welcome Savings Bank headquarters in western Seoul [WELCOME SAVINGS BANK]

A subsidiary of Welcome Financial Group suffered a ransomware attack that exposed internal files, following similar breaches at Yes24 and Seoul Guarantee Insurance, industry officials said Monday.

Welrix F&I, a lending unit under Welcome Financial, reported that hackers infiltrated its system in early August and leaked some internal documents. The company reported the incident to the Korea Internet & Security Agency and financial regulators after confirming the breach.

A Russian-linked hacking group claimed responsibility on the dark web, saying it had obtained the group’s entire customer database, including names, birth dates, addresses, bank account details and emails. The group claimed to possess 1.024 terabytes of data, or about 1.32 million files, and even released samples that appeared to be internal documents.

"The leaked materials appeared to be meeting notes and internal approval documents, not customer information, " Welcome Financial said. "It is true that the lending unit came under attack, but the servers of our core affiliate, Welcome Savings Bank, are separate, so customer financial data remains secure."

Still, security experts warned that if the lending unit's customer data were included in the breach, the damage could fall heavily on low-credit borrowers. Welrix F&I buys nonperforming loans from Welcome Savings Bank, meaning sensitive financial data could be at risk if exposed.

Ransomware attacks encrypt a system’s files and demand payment for the release. The latest breach marks the third major case in recent months, following attacks on Yes24 and Seoul Guarantee Insurance.

“Despite repeated security incidents, too many companies still think these problems won’t affect them,” one cybersecurity expert said. “Firms need to stay alert and strengthen their defenses.”

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JEONG JAE-HONG [[email protected]]