Kyowon Group, a significant player in South Korea's education and publishing sectors, reported a ransomware attack that has disrupted its operations. The company confirmed that the attack occurred in January around 10 a.m. and involved the exfiltration of customer data. Korean media estimates suggest that over 9.6 million accounts, affecting roughly 5.5 million people, may have been compromised. The attack has impacted approximately 600 of Kyowon’s 800 servers. Initial signs of the cyber incident were apparent through service outages, prompting Kyowon to notify the Korea Internet & Security Agency and to prepare for potential customer notifications if a data leak is confirmed. Their latest statement acknowledges that some data was stolen, but they have yet to determine if customer information is among the compromised data. The company is cooperating with authorities and security experts to investigate the breach and is in the process of restoring its online services. This incident is part of a troubling trend of significant cyberattacks against South Korean companies. Previous breaches include a December 2025 incident at Coupang affecting 33.7 million customers and a malware breach at SK Telecom that exposed data for 27 million subscribers. As of now, no major ransomware group has claimed responsibility for the Kyowon attack, and further details are awaited as the investigation unfolds.