South Korea’s intelligence agency has raised the national cyber threat level, amid concerns that hackers could take advantage of the chaos caused by a fire at a government datacentre that paralysed critical digital infrastructure across the country.
The national cybersecurity centre, operating under the intelligence service, elevated the alert from “attention” to “caution” on Monday, citing fears hackers could exploit vulnerabilities as recovery work continues.
The fire broke out on Friday evening at the national information resources service in Daejeon, a major technology hub 140km (87 miles) south of Seoul. The facility is one of three operational government datacentres managing critical digital infrastructure across the country.
Workers were relocating lithium-ion batteries from a fifth-floor server room to the basement for replacement when one ignited, with the fire spreading to other batteries and adjacent servers. One worker sustained first-degree burns, and firefighters extinguished the fire after 22 hours.
By Saturday morning, officials had shut down 647 government systems fearing further damage. Government email and intranet systems ground to a halt. Mobile identification services went dark, as did postal banking, complaint portals, and major government websites.
Schools could not access student records, and tax payment deadlines passed with systems offline. Real estate transactions stalled without digital document verification. A national crematorium booking system was affected, and some hospitals and transport terminals initially turned away citizens who lacked physical identification cards.
As of 1pm on Tuesday, 89 of the 647 affected systems had been restored, including the main government portal, postal services, and identity verification systems.
Officials estimate 96 of the systems affected were completely destroyed. Transferring them to a backup facility in Daegu will take approximately four weeks, meaning disruption will persist through Chuseok, a weeklong national holiday in early October.
President Lee Jae Myung apologised on Sunday. At a crisis meeting, he expressed shock at the lack of back-up operating systems. “This was a foreseeable incident, yet there were no countermeasures. It’s not that the measures failed to work – they simply did not exist,” he said.
When officials struggled to answer questions about backup protocols, he accused them of “driving without a map”.
The Asia-Pacific Economic Cooperation (APEC) summit, being hosted in the south-eastern city of Gyeongju at the end of October, has heightened security concerns, with the leaders of the US, China and other regional powers set to attend.
In October 2022, a lithium-ion battery fire crippled Kakao, the company behind the country’s dominant super app KakaoTalk. Millions lost access to messenger communications, taxis and digital payments, causing nationwide chaos.
After the Kakao fire, parliament legislated mandatory redundancy systems and spacing requirements between batteries and other equipment for internet service providers and datacentre operators.
The left-leaning Hankyoreh newspaper asked what last week’s failure said about “a country that calls itself an information technology powerhouse”.
The conservative Dong-A Ilbo was equally scathing, noting that even mentioning South Korea’s status as a digital leader had become “embarrassing”.
Politicians from both ruling and opposition camps traded accusations over who bore responsibility. The presidential chief of staff, Kang Hoon-sik, instructed officials on Monday to solve problems rather than blame the previous administration.
