Hackers have stolen the personal information of almost 1,000 North Korean defectors, the South Korean government revealed today.
Only information from one of the 25 defector support centers was stolen, officials said. The hack took place after an employee of a defector support center opened a malicious document he received via email on Monday, December 19, 2018.
The hacked support center is the one catering to North Korean defectors who have relocated to North Gyeongsang province (Gyeongbuk, formerly Gyeongsangbuk-do).
According to a message posted on the support center’s website, the hackers made off with personal details such as names, dates of birth, and home addresses.
In a press release, the Ministry of Unification said hackers stole information on 997 North Korean defectors living in the North Gyeongsang province, except the city of Gyeongsan.
South Korea houses over 30,000 North Korean defectors.
The Ministry of Unification said it already notified the defectors who had their data stolen and is running a support desk where affected parties can call or visit for additional advice.
Authorities are still investigating the incident, and it is unclear if this was a mundane data theft, or if the North Korean government’s infamous hacker groups were behind the attack.
Most political analysts fear the worst: that the Pyongyang regime was behind the attack. Experts say the lives of the defectors and their families, both south and north of the border, might now be in danger. Just like most communist countries, North Korea has often retaliated against defectors’ families in the past.
The North Korean government has historically engaged in hacking campaigns aimed at unmasking and tracking the lives and whereabouts of defectors.
In 2013, North Korean state-sponsored hackers breached several websites of associations run by or for North Korean defectors.
In 2016, a North Korean hacking group known as FreeMilk also targeted North Korean defectors hiding in the UK, and in 2018, a new North Korean hacker group tracked as APT37 also targeted defectors living in South Korea.