South Korean Teens Charged in Massive Data Breach of Bike-Sharing Service Ttareungyi
In June 2024, two South Korean teenagers identified only as Persons A and B were charged with breaching Ttareungyi, Seoul’s public bike-sharing service, and stealing sensitive data from approximately 4.62 million users. The breach exposed personal details, including user IDs, phone numbers, home addresses, email addresses, dates of birth, genders, and weights, affecting roughly 90% of the platform’s 5 million registered users.
According to police, Person A executed the attack, while Person B allegedly suggested downloading the stolen data. Both suspects are now of high school age. The incident underscores growing concerns about cybersecurity vulnerabilities in public services, particularly as NATO allies classify cyberattacks on critical infrastructure such as hospitals as potential acts of war.
The breach highlights the persistent threat of youth-driven cybercrime and the challenges in securing large-scale digital platforms. No ransom demands or financial motives have been reported in this case.
Ttareungyi TPRM report: https://www.rankiteo.com/company/shared-micromobility
"id": "sha1771960006",
"linkid": "shared-micromobility",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4.62 million',
'industry': 'Transportation',
'location': 'Seoul, South Korea',
'name': 'Ttareungyi',
'size': '5 million registered users',
'type': 'Public bike-sharing service'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '4.62 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': ['User IDs',
'Phone numbers',
'Home addresses',
'Email addresses',
'Dates of birth',
'Genders',
'Weights']},
'date_publicly_disclosed': '2024-06',
'description': 'In June 2024, two South Korean teenagers identified only as '
'Persons A and B were charged with breaching Ttareungyi, '
'Seoul’s public bike-sharing service, and stealing sensitive '
'data from approximately 4.62 million users. The breach '
'exposed personal details, including user IDs, phone numbers, '
'home addresses, email addresses, dates of birth, genders, and '
'weights, affecting roughly 90% of the platform’s 5 million '
'registered users.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'large-scale data exposure',
'data_compromised': 'Personal details (user IDs, phone numbers, '
'home addresses, email addresses, dates of '
'birth, genders, weights)',
'identity_theft_risk': 'High',
'systems_affected': 'Ttareungyi bike-sharing service platform'},
'investigation_status': 'Charges filed',
'lessons_learned': 'The incident underscores growing concerns about '
'cybersecurity vulnerabilities in public services and the '
'persistent threat of youth-driven cybercrime.',
'references': [{'source': 'News reports on the Ttareungyi data breach'}],
'regulatory_compliance': {'legal_actions': 'Charges filed against the '
'suspects'},
'response': {'law_enforcement_notified': 'Yes (police charged the suspects)'},
'threat_actor': 'Two South Korean teenagers (Persons A and B)',
'title': 'South Korean Teens Charged in Massive Data Breach of Bike-Sharing '
'Service Ttareungyi',
'type': 'Data Breach'}