The startup support platform 'Moduui Changup,' operated under the Ministry of SMEs and Startups, has officially acknowledged a personal data breach and apologized to its users.

In a notice posted on the 18th, the platform stated, 'We failed to fulfill our duty to safely protect users' personal information,' adding, 'We deeply apologize to everyone who trusted and used our platform.'

■ Incident Overview... Breach Occurred After Profiles of Selected Candidates Were Made Public on the 15th

The incident occurred immediately after the profiles of 5,000 selected project candidates were made public on the 15th. Following the public release that morning, attempts to access non-public information through unauthorized channels were detected. The platform reportedly became aware of the issue at approximately 3:00 p.m. that afternoon through a user inquiry.

Access was immediately blocked and security measures were implemented. The following day, the 16th, a complaint was received from a user who reported receiving a promotional email from a specific artificial intelligence (AI) company, prompting a full-scale investigation into the possibility of a data breach.

■ Scope of Breach... Exposure of Emails, Idea Summaries, and Evaluation Comments

According to the investigation to date, a total of nine IPs have been confirmed to have accessed the information. The leaked data includes email addresses, partial idea summary information, and evaluation review comments.

However, the platform clarified that there is no confirmed evidence to date that core personal information such as participants' real names, phone numbers, original application documents, and detailed business ideas have been compromised.

■ Response Status... Immediate Blocking and Additional Security Measures Applied

Moduui Changup completely blocked all unauthorized access routes at 4:00 p.m. on the 15th, immediately upon becoming aware of the incident. At 6:00 p.m. on the 16th, the platform applied additional security features to prevent automated AI-based data collection.

Furthermore, the platform is individually notifying affected users and plans to collaborate with external specialized organizations, including the National Cyber Security Center, to accurately analyze the cause and investigate any additional damage. A separate damage reporting center is also being operated for users concerned about potential harm, where related incidents can be submitted via a dedicated email address. Each reported case will undergo individual verification and follow-up measures.

The platform stated, 'We take this matter very seriously,' and added, 'We will do our utmost to strengthen our security systems and establish measures to protect users in order to prevent recurrence.'

■ Background... Spread of Generative AI and Increase in Automated Collection Attempts

Meanwhile, some have pointed out that with the recent spread of generative AI, attempts to automatically collect both public and non-public information have been increasing. This highlights a growing need to strengthen personal data protection systems across both public institutions and private platforms.

[Written with AI assistance. This article is based on publicly available notices and may be subject to change depending on future investigation results.]