**Hack Attack on Day Four… Controversy over 'Avoidance of Responsibility' Amid Recovery Delays**

The largest online bookstore in South Korea, Yes24, has experienced service disruptions due to a hacking incident for four consecutive days. While the company stated that it is "cooperating with cyber security authorities," the responsible authorities have presented a different viewpoint, leading to controversy.

On the 12th, the Korea Internet & Security Agency (KISA) officially refuted Yes24's claims, stating that "there are discrepancies in Yes24's announcements."

Earlier, Yes24 had issued a statement asserting that it was "putting all efforts into identifying the cause and recovery efforts in collaboration with KISA," but KISA claims there has been no cooperation from Yes24.

**"Access Blocked" … 'Fruitless Visits' Despite Two Deployments**

According to KISA, specialists for incident response were dispatched to Yes24's headquarters twice on the 10th and 11th to investigate the cause of the hacking incident. However, KISA explains that the response from Yes24 was merely a brief verbal account, and practical access to the systems was denied.

A KISA official stated, "Despite requests for technical cooperation for accident analysis and recovery, Yes24 did not allow access," adding, "Experts were on-site, but a proper investigation was not conducted over the two days."

Yes24 maintains that its internal security team is conducting a preliminary analysis. The company explained that "it is customary for businesses with specialized analysis teams to conduct an initial self-analysis before conducting a comprehensive review with KISA."

**Skepticism Regarding "Cooperation" Claims… Controversy Over Data Breach Risks**

However, security industry insiders express skepticism about Yes24's explanations. A source in the security field pointed out, "While KISA's support is not a legal obligation, it is difficult to understand why they would ignore a request for cooperation when recovery has not been achieved even after four days."

This attack employed a 'ransomware' method, seizing server access to demand monetary compensation, and it has been reported that Yes24 was actually asked for a ransom by the hackers. As of now, KISA has not been able to secure key information such as the number of infected servers, attack routes, or the scope of damage.

Concerns over potential data breaches are also rising. Yes24 stated, "No indications of external data leaks have been confirmed so far," but security experts caution that hackers often delete traces before launching additional attacks, advising against premature conclusions.

Image source: News1, KISA, Yes24 Used Bookstore / Photo = Insight