Data breach hits South Korean asset management firms
Around 20 asset management companies in South Korea suffered a data breach earlier this month, according to industry sources.
Ransomware group behind the attack
The breach took place through a cloud server managed by an IT subcontractor. The server was mostly used by small and medium-sized private equity funds. A Russian-speaking ransomware group named Qilin carried out the hack.
Type of data stolen
Qilin claimed that it accessed sensitive files, including tax documents, employee records, and personal details of investors.South Korea
Authorities monitoring the case
Financial authorities stated that they have not received any reports of credit data leaks that could cause financial loss. Officials said they had prior knowledge of the breach and have been closely monitoring the situation.
A pattern of cyberattacks in the financial sector
This incident adds to a growing list of cyberattacks targeting South Korea financial industry. Recently, Lotte Card, the fifth-largest card company in the country, faced a massive leak that exposed information of around three million customers.
Rising number of cyber incidents
Data from the past six years shows more than 7,000 cybersecurity breaches reported by South Korean firms. Official figures revealed 7,198 incidents between 2020 and September 2025. Small and medium-sized companies accounted for the majority of these cases, highlighting their vulnerability to cyberattacks. Experts warn that rising digital adoption and insufficient security measures are increasing the risk of data breaches across the financial and corporate sectors.
Year-on-year growth in cases
In 2020, authorities recorded 603 cases. The number rose slightly to 640 in 2021 and almost doubled to 1,142 in 2022. Reports increased to 1,277 in 2023, jumped to 1,887 in 2024, and reached 1,649 cases so far in 2025.
Smaller firms most affected
Small and medium-sized companies reported 5,907 incidents, which account for about 82 percent of the total. Mid-sized firms logged 592 cases, large conglomerates reported 242, and nonprofit groups filed 457.
Also Read: Microsoft to use LinkedIn data for AI and ads from Nov 3
