Netmarble, a leading South Korean game publisher, suffered a **data breach** on its legacy PC gaming platform, exposing **customer names, birth dates, and encrypted passwords**. The incident was reported **three days after discovery**, violating South Korea’s network law, which mandates disclosure within **24 hours** of detecting a cybersecurity incident. The delay drew criticism from lawmakers, including **Ruling Party lawmaker Choi Min-hee**, who highlighted potential fines of up to **30 million won** for non-compliance. The breach adds Netmarble to a growing list of companies targeted by hackers in 2025, raising concerns over **data privacy, regulatory compliance, and customer trust**. While the exposed data was partially encrypted, the incident underscores vulnerabilities in legacy systems and the escalating risks of **personal information leaks** in the gaming industry. The breach did not involve ransomware or financial theft but focused on **unauthorized access to sensitive user details**, prompting scrutiny over the company’s incident response protocols and adherence to cybersecurity regulations.
Netmarble cybersecurity rating report: https://www.rankiteo.com/company/netmarble-games
"id": "NET1435614112725",
"linkid": "netmarble-games",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Gaming',
'location': 'South Korea',
'name': 'Netmarble',
'size': 'Large (one of South Korea’s biggest game '
'publishers)',
'type': 'Company'}],
'data_breach': {'data_encryption': 'Yes (passwords were encrypted)',
'personally_identifiable_information': ['names',
'birth dates'],
'sensitivity_of_data': 'Moderate to High (PII including '
'names, birth dates, and encrypted '
'passwords)',
'type_of_data_compromised': ['personal information',
'encrypted passwords']},
'date_publicly_disclosed': '2025-11-27',
'description': 'Netmarble disclosed a data breach affecting its legacy PC '
'gaming platform, exposing customer names, birth dates, and '
'encrypted passwords. The company faced criticism for delaying '
'the report to regulators by three days, potentially violating '
"South Korea's network law, which mandates reporting within 24 "
'hours. The breach is part of a growing trend of cyberattacks '
'targeting major companies in 2025.',
'impact': {'brand_reputation_impact': 'Criticism from lawmakers and potential '
'regulatory fines',
'data_compromised': ['customer names',
'birth dates',
'encrypted passwords'],
'identity_theft_risk': 'Possible (due to exposed PII)',
'legal_liabilities': "Potential violation of South Korea's network "
'law (fines up to 30 million won)',
'systems_affected': ['legacy PC gaming platform']},
'references': [{'date_accessed': '2025-11-27', 'source': 'MLex Insight'}],
'regulatory_compliance': {'fines_imposed': 'Potential fines up to 30 million '
'won',
'regulations_violated': ["South Korea's network law "
'(24-hour reporting '
'requirement)'],
'regulatory_notifications': 'Delayed by three days'},
'response': {'communication_strategy': 'Public disclosure (with delay)'},
'title': 'Netmarble Data Breach Affecting PC Gaming Platform',
'type': 'Data Breach'}