BGF Networks Hack Leads to Personal Data Breach at CU Convenience Stores

It has been confirmed that customer personal information was leaked due to a hacking attack on BGF Networks, which operates the CU convenience store delivery service. The security lapse caused by external intrusion has exposed vulnerabilities, leading to widespread concerns about the overall user information protection system. BGF Networks identified unauthorized access to its systems the previous day, and it is understood that an unidentified attacker infiltrated internal systems by exploiting web vulnerabilities.

BGF Networks immediately blocked the attack IP and implemented emergency security measures upon recognizing the anomalies. The company has activated its internal response system and begun an urgent inspection of its entire system, while simultaneously conducting log analysis and vulnerability patching to prepare for potential further intrusions.

The leaked personal information includes names, mobile phone numbers, email addresses, addresses, gender, and IDs. It is understood that some encrypted passwords (one-way encrypted) and authentication/linking information such as CI (Connecting Information) were also leaked.

The cybersecurity industry has analyzed that the intrusion likely occurred through web vulnerabilities. Given the structure where delivery reception and logistics information are concentrated, there is a high risk due to the large volume of personal data stored in one location. The leaked information could potentially be exploited for secondary crimes such as phishing and smishing.

BGF Networks has reported the incident to relevant authorities, including the Personal Information Protection Commission and the Korea Internet & Security Agency (KISA), and is cooperating with their investigations.