Lee & Lee Country Club Data Breach Attributed to North Korean State Actors

Lee & Lee Country Club, a golf club in Gapyeong, South Korea, reports a data breach affecting approximately 100,000 customers. The Korean National Police Agency (KNPA) notified the organization of the breach after detecting the compromise during an investigation into North Korean state-sponsored cyber activities. 

The incident is attributed to a hacking group operating under North Korea’s Reconnaissance General Bureau.

The attackers gained access by inserting malware into the club's web server on October 21, 2025. This malicious code allowed the threat actors to bypass security controls and access the backend database containing sensitive customer records. The breach remained undetected until the KNPA Public Security Investigation Command Division identified the infection.

The compromised data includes:

• Full names and dates of birth
• Gender and home addresses
• User IDs and account passwords
• Mobile and landline phone numbers
• Email addresses

Lee & Lee CC isolated the infected server and notified customers through text messages and a website notice. The company is currently working with the KNPA’s Security Cyber Investigation Division and has issued a public apology for the security failure.

Experts recommend that affected individuals change their account passwords immediately and enable multi-factor authentication where possible to prevent credential stuffing attacks. Users should also be alert for targeted phishing campaigns that may use the stolen personal details.