The Seoul police are currently investigating two suspects related to a significant data breach involving more than 4.5 million user records from the city's public bike rental service, Ddarungi. The police chief announced that the investigation has been ongoing since at least last year but shockingly, relevant parties such as the Seoul city government and the managing agency had not been informed until reports emerged. This lack of communication raises concerns about transparency in handling such sensitive data issues.

Further details revealed that the investigation began following a distributed denial-of-service (DDoS) attack reported on the Ddarungi app in June 2024, during which suspicions about the data breach surfaced. One suspect related to the data leak was apprehended a year prior, leading to a more comprehensive investigation into the matter, and police also identified the involvement of an accomplice. However, the police did not notify the Seoul Facilities Corporation or the city government about the investigation to avoid hindering their efforts in apprehending further suspects.

In addition to the ongoing investigation, the incident has sparked criticism towards the Seoul Facilities Corporation, which reportedly received a grade A (scoring 80-89) for data protection standards from the Personal Information Protection Commission. Discrepancies in the appraisal system were highlighted as the corporation had received information regarding the breach from KT Cloud yet failed to take necessary legal measures or report it to the appropriate authorities, compounding concerns over the integrity and security of public data management systems in Seoul.