Final Report on Cybersecurity Incident

We have completed our investigation into the cybersecurity incident that was announced on November 26, 2025.

Our investigation confirmed that unauthorized access occurred via our remote-work VPN between approximately 3:00 p.m. on November 20 and 4:00 a.m. on November 21, during which several internal servers were compromised.
We found no evidence of data destruction, data loss, or large-scale data leakage. However, we cannot entirely rule out the possibility that some information may have been exposed. We have already notified all individuals whose information may have been affected.
The activity observed appears to have been limited to reconnaissance or preparatory actions for potential future attacks. The incident was the result of operational and configuration issues rather than system vulnerabilities.

While core internal systems are now operational, VPN-based remote work remains unavailable. We plan to resume service after system upgrades and enhanced security measures are in place. We are also strengthening system-wide security and monitoring and will continue efforts to improve our security posture.

The information provided is current as of the date of publication. Please note that the content may differ from the latest information.