Cyber Incident Victim: Interpark Corp.
Date: May 2016
Location: South Korea
Summary
A South Korean online shopping mall experienced a significant data breach compromising personal information of over 10 million customers, including names, addresses, and phone numbers. The attacker allegedly infiltrated the company's systems by sending malicious code to employees, gaining unauthorized access to its database. Following the theft, the perpetrator attempted extortion by threatening public disclosure of the incident unless payment was received, prompting the victim to notify law enforcement. Police launched an investigation into the hacking incident after the extortion attempt was reported.
Description
In May 2016, Interpark Corp., a leading South Korean online shopping mall, suffered a data breach involving unauthorized access to its customer database. An unidentified attacker penetrated the company’s systems by sending malicious code via email to company officials, enabling access to servers containing personal information. The compromised data included names, residential addresses, and phone numbers belonging to over 10 million customers. The breach remained undisclosed until July 2016, when Interpark reported the incident to law enforcement after receiving extortion demands from the hacker. The attacker threatened to publicly expose the theft unless financial demands were met, prompting the company to seek police intervention.

South Korean authorities launched a formal investigation earlier in July 2016 upon receiving Interpark’s report. Police confirmed the theft of customer records and identified the attacker’s use of malicious email communications as the initial intrusion vector. The investigation focused on tracing the perpetrator and assessing the full scope of the data exfiltration. No technical details regarding containment measures or system remediation were disclosed publicly. The incident exposed sensitive customer information but did not involve financial data or passwords according to available reports. Interpark faced reputational and operational risks due to the scale of the breach and subsequent extortion attempt, though specific financial or legal consequences were not detailed in initial disclosures.
