Republic of Korea: Personal Information Protection Commission announced investigation into Yes24 following personal data breach

On 11 June 2025, the Personal Information Protection Commission (PIPC) of the Republic of Korea announced an investigation into a personal data breach at Yes24 Co. The data breach followed a ransomware attack detected on 9 June 2025, prompting the company to file a data breach notification on the morning of 11 June. The investigation aims to determine the circumstances and scale of the data breach at Yes24 and assess the company's compliance with security measures stipulated under the Personal Information Protection Act. The PIPC announced that administrative actions would be taken in accordance with relevant legislation should any violations be confirmed.