Seoul Facility Corporation Kept Silent on Data Breach Affecting 4.5 Million Ddareungi Users

Society|
|
By Park Chang-gyu
||
4.5 million Ttareungyi users' personal information leaked, kept quiet... Seoul Facilities Corporation belatedly exposed - Seoul Economic Daily Society News from South Korea
4.5 million Ttareungyi users' personal information leaked, kept quiet... Seoul Facilities Corporation belatedly exposed

Seoul Facility Corporation, operator of Seoul's public bike-sharing service Ddareungi, failed to take action despite learning of a member data breach in 2024, it has emerged.

"On January 27, we were notified by the Seoul Metropolitan Police Agency of suspected member information leakage, and during our internal investigation, we confirmed on the 5th that the corporation's staff knew about this but did not act," Han Jeong-hun, Seoul Metropolitan Government's transportation operations director, said at a briefing Thursday.

According to the city, the Ddareungi app experienced service disruptions for approximately 80 minutes from June 28-30, 2024, due to a distributed denial-of-service (DDoS) attack. In July of the same year, KT, the server management company, submitted a 10-page report to the corporation detailing the data breach.

At the time, the Ddareungi app had approximately 4.5 million registered users. The report indicated that six types of user information were leaked: user IDs, mobile phone numbers, gender, email addresses, weight, and dates of birth. However, the corporation did not report this to Seoul city government or relevant authorities.

Separately, police investigating another cyberattack case discovered Ddareungi member information on a suspect's computer that appeared to have been obtained through a past DDoS attack. Police contacted Seoul city government to verify the information. Through this process, it belatedly emerged that there were serious problems with the corporation's initial response in 2024.

Seoul city government has notified police about the corporation's failure to take appropriate action despite knowing about the breach, enabling additional investigation to proceed. The city is also reviewing an internal audit. The exact scale of the data breach will need to be determined through the investigation results, the city said.

The corporation had previously received notification from police on January 27 about the Ddareungi member data breach but only reported it to relevant authorities on the 30th.

Related Video

#Ddareungi#DataBreach#Seoul#Cybersecurity#PersonalData#BikeSharing#DDoS#PrivacyBreach

Original reporting by Park Chang-gyu for Seoul Economic Daily.

AI-translated from Korean. Quotes from foreign sources are based on Korean-language reports and may not reflect exact original wording.

View Korean originalTranslation Policy
Front Page Daily cover art

🎧Listen to AI PRISM·Front Page Daily

KOSPI 8,000 and a Crash, Samsung Strike, Trump in Beijing | May 16 2026 | Front Page Daily

00:0004:22
← Back to Home

AI KEY

Preview
Korean Corporate Intelligence HubKOSPI · KOSDAQ · 12 sectors

A live, cap-weighted view of every KOSPI and KOSDAQ sector, with same-day Korean reporting distilled by company — built for foreign investors, correspondents and analysts who need to scan Korea before the next session.

Open in full screen

Korea Chaebol Tree

Preview
Families Behind the GroupsKFTC May 2026 · DART filings

An English-first interactive map of Samsung, SK, Hyundai, LG and Lotte — built for foreign investors, correspondents and analysts. Korea translates companies into English. We translate the families behind them.

Open in full screen