In 2024, a significant data breach involving the Seoul city government's public bike sharing service, Ttareungyi, led to the theft of personal information from approximately 4.62 million users. The incident was executed by two teenagers, who have now been referred for prosecution by the Seoul Metropolitan Police Agency for violating laws related to information and communications networks.
The suspects, both high school students at the time of the hacking, reportedly accessed the server of Seoul Facilities Corp. over a two-day period beginning June 28. Their actions resulted in the compromise of sensitive data, including usernames, email addresses, and mobile numbers, while names and resident registration numbers remained secure. Police believe the motive may have been to sell the stolen information, although no evidence of third-party leaks has been uncovered.
The hacking was uncovered during a separate investigation into an attack on a private mobility rental service in April 2024. While one suspect claimed curiosity as his motivation for the crime, the other chose to remain silent. Authorities have sought an arrest warrant for one suspect, but the prosecution denied the request due to their juvenile status. Additionally, the police are looking into potential negligence by officials at Seoul Facilities Corp. regarding the management of the compromised server.