Cyber Incident Victim: Yes24
Date: Jun 2025
Location: South Korea
Summary
Yes24 suffered a ransomware attack that took its website and services offline, disrupting ticket sales for concerts, e‑book access and community forums and forcing organizers to postpone or cancel events featuring K‑pop acts and musicals. The company said it regained control of its administrator account and is working to restore full operations while South Korea’s privacy watchdog has opened an investigation into whether customer data was exposed, noting that the company has not confirmed any leakage but reported suspicious unauthorized access to its data to the regulator.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Early on Monday, a ransomware attack struck Yes24, South Korea’s largest ticketing platform and online book retailer, causing its website and associated services to go offline. The outage persisted for four consecutive days, disrupting online bookings for concerts, access to e‑books, and participation in community forums. Yes24 announced that it aims to restore full operations by June 15. In response, the Personal Information Protection Commission launched an investigation to determine whether customer data may have been exposed and to assess compliance with national data‑privacy laws. The company stated that it has not yet confirmed any external leakage of personal information but reported suspicious activity involving unauthorized access to customer data to the privacy agency.

The service interruption triggered a cascade of disruptions across the entertainment industry, with presales and scheduled events for K‑pop artists such as Park Bo‑gum, Enhypen, Ateez and rapper B.I being postponed or canceled. Producers of musicals including “The Bridges of Madison County” and “Aladdin” instructed audience members to present printed or emailed reservations to gain admission, and several attendees were turned away earlier in the week when they could not provide verifiable ticket details. On Wednesday, Yes24 said it had regained control of its administrator account and was working to restore other services, while the identity of the threat actor behind the attack remained unknown. The company reiterated that, should further investigation confirm a leak of personal data, it would immediately notify affected users. Ticketing platforms are noted as attractive targets for cybercriminals because they store large volumes of personal data, process high volumes of payments, and face strong pressure to pay ransoms quickly to avoid event disruptions and reputational harm.

The article also references previous ransomware activity against ticketing services in the United States, where platforms such as StubHub and Ticketmaster were targeted to disrupt ticket sales for Taylor Swift’s Eras Tour concert. The report was authored by Daryna Antoniuk, a reporter for Recorded Future News based in Ukraine, who covers cybersecurity startups, cyberattacks in Eastern Europe and the broader cyberwar between Ukraine and Russia. Her work has appeared in outlets including Forbes Ukraine, Sifted, The Kyiv Independent and The Kyiv Post.
