Personal information of about 4.5 million members of Seoul's public bike sharing service Ttareungyi is believed to have leaked in 2024, leading to a police investigation. The breach, suspected to be the work of hackers, is thought to have occurred around the time of widespread DDoS attacks on public institutions.
Seoul Facilities Corp., the operator of the city's public bike sharing service Ttareungyi, was recently notified by the Seoul Metropolitan Police Agency of a suspected data breach. According to Yonhap News Agency, personal details including names, phone numbers, dates of birth, and addresses of some 4.5 million out of 5 million members appear to have been compromised.
The Seoul city government clarified that names and resident registration numbers were not leaked, as they are not required for service signup. However, sensitive information voluntarily entered by members may have been included, raising fears of fraud and secondary harms.
Police launched the probe after discovering the leaked Ttareungyi data during another investigation, suspecting hackers. The incident is believed to have taken place around April 2024, when numerous public institutions faced distributed denial-of-service (DDoS) attacks, though no damage was reported at the time.
This episode highlights vulnerabilities in public services and amplifies concerns over personal data protection for users. The city plans further assessments to gauge the full extent of the breach.
