Welcome Financial Group confirmed Monday that one of its lending affiliates was hit by a ransomware attack, raising fresh concerns over cybersecurity in Korea’s financial sector.

Hackers claiming responsibility on the dark web alleged they had stolen one-point-024 terabytes of customer data, including names, addresses and account numbers, though the company said the leaked documents appeared limited to internal files such as meeting records.

The group reported the breach to the Korea Internet & Security Agency and financial regulators earlier this month and is checking whether other affiliates were also targeted.

Welcome said its core savings bank unit, which handles deposits and loans, was unaffected as its servers are separated, stressing that “bank customer information remains secure.”

The Russian-speaking hacker group released sample files online to support its claims and accused the company of failing to safeguard sensitive data.

The incident follows recent cyberattacks on Yes24 and SGI Seoul Guarantee, prompting experts to call for stronger defenses as ransomware continues to spread across Korean corporations.