Simulated Hack Breaches 100% of Tested Public Sector Systems

In a report released in January 2026, the Board of Audit and Inspection (BAI) revealed that simulated cyberattacks conducted with white-hat hackers successfully breached all seven public-sector systems tested. The vulnerabilities were severe: in one system, hackers were able to query resident registration numbers for approximately 50 million people—virtually the entire South Korean population. Another test showed that data for 10 million members could be exfiltrated in under 20 minutes. The audit highlighted systemic failures, including unencrypted administrator credentials and retired employees retaining active access to sensitive education databases.