CU Convenience Store Delivery Service Suffers Data Breach, Raising Security Concerns

BGF Networks, which operates CU convenience store deliveries, has confirmed that customer personal information was leaked due to hacking. Following recent data breaches at companies like Coupang and GS Retail, concerns about security vulnerabilities in the retail and e-commerce sectors are growing.
 
According to industry sources, BGF Networks identified unauthorized access by an unknown hacker on June 4, leading to the data leak, which was publicly disclosed on June 6. The leaked information includes usernames, passwords, names, birthdates, genders, addresses, emails, and mobile phone numbers. BGF Networks clarified that the leaked information pertains only to online member customers and does not include third-party information such as recipients entered during shipping.
 
The company promptly blocked the attack's Internet Protocol (IP) address, completed security measures, and activated an incident response team. They also reported the incident to the Personal Information Protection Commission and the Korea Internet & Security Agency (KISA). BGF Networks urged customers to change their passwords if they use the same password across multiple sites, although they assured that the passwords are encrypted and secure.
 
This incident is part of a broader trend where retail and e-commerce companies are becoming prime targets for cyberattacks. Last November, Coupang experienced a massive data leak affecting approximately 33.7 million customer accounts, including names, addresses, and contact information, due to a former employee's actions. GS Retail also confirmed data leaks affecting around 90,000 customers through its GS25 website and an additional 1.58 million records from its home shopping website. Other companies, including luxury platform Mustit, Adidas, and Papa John's Korea, reported similar breaches that year, with Papa John's leak including names, contact details, addresses, and some credit card information.
 
In addition to customer data, there have been targeted leaks of employee information. In December, Shinsegae Group reported a breach that exposed information on about 80,000 employees, including employee numbers and department affiliations. This year, leaks have continued, with CJ Group confirming that on May 18, personal information of 330 female employees, including phone numbers, emails, job titles, departments, and photos, was posted without authorization in a public Telegram channel. Some of the leaked information reportedly included details related to the company's intranet, which is not accessible to the general public.
 
An industry insider noted, "Retail and e-commerce companies hold vast amounts of member information, making them prime targets for hackers. Recently, attacks have diversified beyond simple system hacks to include account takeovers of partner companies, necessitating enhanced security investments and employee training."