Hackers have stolen the personal information of almost 1,000 North Korean defectors, the South Korean government revealed today.
Only information from one of the 25 defector support centers was stolen, officials said. The hack took place after an employee of a defector support center opened a malicious document he received via email on Monday, December 19, 2018.
The hacked support center is the one catering for North Korean defectors who have relocated in the North Gyeongsang province (Gyeongbuk, formerly Gyeongsangbuk-do).
According to a message posted on the support center's website, the hackers made off with personal details such as names, dates of birth, and home addresses.
In a press release, the Ministry of Unification said hackers stole information on 997 North Korean defectors living in the North Gyeongsang province, except the city of Gyeongsan.
South Korea houses over 30,000 North Korean defectors.
The Ministry of Unification said it already notified the defectors who had their data stolen and is running a support desk where affected parties can call or visit for additional advice.
Authorities are still investigating the incident, and it is unclear if this was a mundane data theft, or if the North Korean government's infamous hacker groups were behind the attack.
Most political analysts fear the worst; that the Pyongyang regime was behind the attack. Experts say the lives of the defectors and their families, both to the south and north the border, might now be in danger. Just like most communist countries, North Korea has often retaliated against defectors' families in the past.
The North Korean government has historically engaged in hacking campaigns aimed at unmasking and tracking the lives and whereabouts of defectors.
In 2013, North Korean state-sponsored hackers breached several websites of associations ran by or for North Korean defectors.
In 2016, a North Korean hacking group known as FreeMilk also targeted North Korean defectors hiding in the UK, and in 2018, a new North Korean hacker group tracked APT37 also targeted defectors living in South Korea.
Related cybersecurity coverage:
- Hacker steals 10 years worth of data from San Diego school district
- North Korea blamed for two cryptocurrency scams, five trading platform hacks
- Global hacking campaign takes aim at finance, defence and energy companies
- North Korea is the most destructive cyber threat right now: FireEye
- North Korea's APT38 hacking group behind bank heists of over $100 million
- North Korea claims hacker responsible for WannaCry outbreak does not exist
- Marriott reveals data breach affecting 500 million hotel guests TechRepublic
- Firefox warns if the website you're visiting suffered a data breach CNET