GS Shop, a home shopping company under GS Retail, has reported a breach of approximately 1.58 million customer personal information records following a hacking attack on its website. The company disclosed that the breach occurred between 21 June 2024 and 13 February 2025.
Photo: Dreamstime.
The compromised data includes customer names, gender, dates of birth, contact details, addresses, IDs, emails, wedding anniversaries, and personal customs clearance codes. However, financial information such as payment methods and membership points was not affected. The breach follows a previous data leak of 90,000 GS Retail members through GS25 convenience stores in late 2024.
The hacking method used was 'Credential Stuffing', where attackers utilised login credentials obtained through illicit channels to gain unauthorised access to accounts. GS Shop confirmed that the same method was used in both incidents.
In response, GS Retail implemented measures such as blocking suspicious IP addresses, strengthening login identification processes, and advising affected customers to update their passwords. The company plans to establish a permanent information protection countermeasure committee and enhance security policies, technology, and personnel.
GS Retail stated it would cooperate with regulatory investigations and maintain transparent communication to prevent further incidents.
Source: www.mk.co.kr