Home > Business > Finance

More than 20 management companies may have suffered data breaches after a ransomware attack

Published: 23 Sep. 2025, 20:42

The Personal Information Protection Commission [PERSONAL INFORMATION PROTECTION COMMISSION]

More than 20 asset management companies in Korea are believed to have suffered data breaches after their servers were hacked in a ransomware attack, according to government officials.

The Personal Information Protection Commission (PIPC) said on Tuesday that it has launched an investigation after receiving reports of personal data leaks from multiple asset managers, including Majesty Asset Management and Vencore Asset Management. The firms reported the incidents after detecting ransomware infections and leakage of internal data, including employee information.

Ransomware refers to a type of cyberattack in which hackers encrypt computer systems or data and demand payment for decryption. At least 20 asset managers have been affected, financial authorities said. Awesome Asset Management apologized to clients earlier this month, posting a notice on its website on Sept. 12 about the potential exposure of personal information following a ransomware attack.

The common link among the affected firms is GJTec, a domestic IT service provider that manages servers and computer systems for asset managers and other financial institutions.

Earlier this month, GJTec was targeted by an international ransomware group known as Qilin, which then spread infections to servers at client firms across the industry. The PIPC said most Korean asset managers use GJTec’s services, suggesting the scale of the breach could grow.

Authorities currently believe that sensitive customer data has not been leaked, though Qilin has claimed on the dark web that it obtained client records from asset managers, including those of “well-known politicians and business figures.” The claim has not been verified.

The PIPC said it will investigate the incident to determine how the breach occurred, the scope of the damage and whether firms complied with mandatory security measures.

“Personal data breaches caused by ransomware are occurring in rapid succession,” a PIPC official said. “We are urging all companies to check for system vulnerabilities, conduct regular security updates and keep separate backups of key files, including customer databases, to strengthen cybersecurity.”

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY KIM MIN-WOOK [[email protected]]