[2025 Audit] 30 Billion Won in Damages from Hacking and IT Failures in Financial Sector Over Six Years
31 Hacking Incidents and 1,884 IT System Failures in Six Years
Kang Mingguk: "Financial Authorities Must Establish Security Inspection Plans"
Over the past six years, financial institutions in South Korea have suffered damages amounting to nearly 30 billion won due to hacking incidents and system failures.
According to data titled "Status of Hacking and System Failures in Domestic Financial Institutions," submitted by Kang Minguk, a member of the National Assembly's Political Affairs Committee from the People Power Party, to the Financial Supervisory Service on October 22, there were 31 hacking incidents and 1,884 system failures reported from 2020 through last month, spanning a period of just over six years.
Analyzing the number of hacking incidents by year: there were 8 cases in 2020, 5 in 2021, 1 in 2022, 5 in 2023, 4 in 2024, and 8 cases up to September 2025, indicating a sharp increase this year. The hacking incidents reported this year involved iMBank (February 28), KB Life Insurance (May 16), Nomura Financial Investment (May 16), Standard Chartered Bank Korea (May 18), Hana Card (June 17), SGI Seoul Guarantee Insurance (July 14), AXA General Insurance (August 3), and Lotte Card (August 12).
The total number of leaked information due to hacking incidents reached 51,004 cases. Compensation was provided to 172 individuals, amounting to 207.1 million won in total.
By sector, the banking industry experienced the highest number of hacking incidents with 12 cases, followed by securities (6 cases), non-life insurance (5 cases), card companies (4 cases), savings banks (3 cases), and life insurance (1 case).
In terms of information leakage due to hacking, savings banks accounted for the largest share with 36,974 cases, followed by securities (10,883 cases), card companies (3,890 cases), life insurance (2,673 cases), and banks (474 cases).
When categorizing hacking incidents by attack method, denial-of-service attacks were the most common with 13 cases (41.9%). There were 7 cases each for malware and security vulnerability exploitation, 1 case of unauthorized access and manipulation, and 3 cases classified as other.
The attack method responsible for the largest amount of information leakage was malware, accounting for 29,805 cases (58.4%), followed by security vulnerability exploitation (14,053 cases), and unauthorized access and manipulation (7,146 cases). There were no cases of information leakage resulting from denial-of-service attacks.
Over the past six years, system failures (1,884 cases) resulted in a total downtime of 528,504 hours. The financial losses incurred due to these failures amounted to 29.63352 billion won.
By year, the breakdown is as follows: in 2020, there were 236 cases (115,787 hours, 13.93815 billion won); in 2021, 289 cases (166,707 hours, 7.33941 billion won); in 2022, 326 cases (107,650 hours, 4.56434 billion won); in 2023, 356 cases (54,412 hours, 2.24512 billion won); and in 2024, 398 cases (64,596 hours, 1.37398 billion won), showing an increasing trend in the number of system failures since last year. This year alone, there have been 279 cases (19,350 hours, 172.52 million won) of system failures.
Hot Picks Today
"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
- "Not Jealous of Winning the Lottery"... Entire Village Stunned as 200 Million Won Jackpot of Wild Ginseng Cluster Discovered at Jirisan
- Bull Market End Signal? Securities Firm Warns: "Sell SK hynix 'At This Moment'"
- "Greater Impact on Women Than Men"... The 'Diet Trap' That Causes Sleepless Nights and Suffering
- "Even With a 90 Million Won Salary and Bonuses, It Doesn’t Feel Like Much"... A Latecomer Rookie Who Beat 70 to 1 Odds [Scientists Are Disappearing] ③
Kang stated, "The fact that system failures and hacking incidents are occurring simultaneously, seemingly mocking the financial authorities' efforts to strengthen oversight, indicates that current countermeasures are proving ineffective in addressing security issues within the financial sector. The financial authorities must establish a comprehensive security inspection plan for the entire financial industry and impose strong sanctions, such as additional inspections, on companies that fail to comply."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
