Important Information Following a Cyberattack at BELFOR Asia – Update 2
Dear Valued Customer,
Further to our previous communication regarding the Cyber Attack affecting BELFOR Asia and its subsidiaries, we would like to inform you about an important new development. We can now confirm that the perpetrators have leaked the stolen data.
Information published by the perpetrators
Based on the current assessment, the published data include project-related, company-related and personal information. This may comprise case details, photographs of damage, documentation relating to claims handling, and similar materials connected to customer projects. The personal data stolen may include job-related contact data, such as name, address, email and phone number.
We are informing you of this fresh development so that you can take it into consideration within your organisation and assess any necessary internal steps.
Possible impact on affected data
Depending on the final results of the investigation, the following risks may arise:
- phishing attempts or other fraudulent communication
- misuse of contact details for fraudulent purposes
- impersonation or identity misuse
- ransomware-related attempts connected to the published information
- disclosure or misuse of confidential project or case information
We would like to draw your attention to these estimated risks so that you can take them into account in your internal processes and risk considerations.
Measures taken or to be taken by BELFOR to prevent, stop, or correct the breach
We are providing an overview of the measures taken or to be taken by the data controller. As investigations are ongoing, we will provide a detailed update once confirmed.
At this stage, BELFOR has initiated the following overarching actions:
- All IT systems were shut down and all network connections were disconnected.
- Our internal crisis management team began working immediately.
- External experts were engaged without any delay.
- A communication process with the relevant authorities was also initiated immediately.
- As part of our response measures, we have successfully migrated our infrastructure to a new IT environment, which is certified in accordance with ISO 27001 and meets high security standards. This environment, as well as communication with us through this new system, is safe and secure.
Recommended actions (remedial measures)
To help reduce potential risks resulting from the publication of data, we recommend the following general precautions:
- Carefully review any unusual or unexpected communications relating to ongoing or past projects
- Verify any request for information, payments, or project documentation through established internal channels
- Increase vigilance against social engineering, impersonation attempts, or unusually detailed inquiries
- Monitor internal systems or workflows that may handle project-related information
- Exercise caution regarding phishing or smishing attempts, including suspicious emails, text messages, or phone calls
- Do not open suspicious emails or click on links or attachments from unknown or untrusted sources
- Report any suspected misuse to your relevant internal contacts and, if needed, to BELFOR via [email protected]
Ongoing investigation
The investigation continues with the support of external specialists. We are working to determine the full scope of the published data and will inform you as soon as we have further verified details regarding the data concerned.
We understand that this situation may be concerning, and we apologize for any inconvenience this may cause. Please rest assured that we are doing everything we can to limit the impact of this criminal attack and to manage this matter with the utmost care and diligence.
For your convenience, you may also refer to our initial information here: Important Information Following a Cyber Attack at BELFOR Asia
Thank you for your understanding and cooperation. If you have any questions, please contact us at [email protected].
Kind regards,
Seo Ji-mong,
Managing Director
BELFOR (Korea) Ltd and BELFOR Construction Services
April 29, 2026