Korean online bookstore Yes24 hit by ransomware attack, offline for two days

Yes24, one of Korea's largest online bookstores and ticketing platforms, was hit by a ransomware attack that began around 4 a.m. on Monday, June 9, 2025, forcing the company to shut down all services for two consecutive days. 

The ransomware attack caused complete system-wide outages across all of Yes24's digital platforms and services including 

• book sales,
• ticketing operations,
• e-book distribution,
• digital library services,
• the Sarak content platform.

Yes24 claims that no personal data had been leaked or compromised during the incident. The company stated that all order and transaction data remained intact throughout the attack. 

Yes24's response to the incident has drawn criticism for its delayed communication with users. The company reported the attack to the authorities immediately after discovering the breach, it did not inform its user base until 36 hours later. During this period, the company's website merely cited "system maintenance" or "system failure" as the reason for service unavailability.

Several live entertainment events that relied on Yes24's ticketing platform faced operational challenges. Producers of popular musicals including "Bare the Musical," "Gutenberg," and "The Bridges of Madison County" were forced to post emergency notices on social media, asking attendees to bring booking confirmation emails or printed tickets to ensure entry. The disruption also forced K-pop boy band Enhypen to cancel applications for their fan signing event, which was originally scheduled to remain open through Yes24's platform from June 7 to 9.

Yes24 has committed to preparing comprehensive compensation plans for both affected users and business partners once services are fully restored.