Korea Raises Cyber Threat Level After Daejeon Gov Data Center Fire-Weeks-Long Recovery Looms
SEOUL/DAEJEON - South Korea has raised its national cyber threat level to "Caution" after a fire at the government's National Information Resources Service (NIRS) data center in Daejeon crippled hundreds of e-government systems and exposed single-point-of-failure risks in the country's digital backbone. Authorities say recovery will take weeks, and some systems may require full rebuilds, as agencies move workloads to a backup facility in Daegu.
The blaze broke out on Friday evening, Sept. 26, as workers were relocating lithium-ion batteries near a fifth-floor server room. Fire officials said the incident triggered a cascade across battery packs; the fire took about 22 hours to fully extinguish. Initial disruption counts varied, but by Saturday morning officials had shut down up to 647 systems as a precaution to prevent further damage and data corruption.
By Tuesday, the National Cyber Security Center-under the intelligence service-formally raised the alert from "Attention" to "Caution," warning of opportunistic attacks against weakened networks during the restoration phase. The step came alongside a rolling restoration: government portals, postal banking and identity verification were among the first services to return, while others await migration to the Daegu site. Officials and outside analysts still expect a multi-week timeline before stability is fully restored.
Damage assessments continue to evolve. Local briefings describe hundreds of battery packs destroyed and core racks heat-damaged-a failure pattern that echoes the 2022 KakaoTalk data center incident that forced new safety spacing and redundancy rules. Lawmakers and press are pressing why similar guardrails did not prevent a government-run outage on this scale.
A new wrinkle emerged late Tuesday: some agencies reported September data loss during the outage window, with ministry officials acknowledging in a cabinet discussion that records between Sept. 1-26 may be irretrievable for certain services pending deeper forensics. The Interior Ministry said the scope differs by system and that remediation and re-entry plans are being prepared.
What this means for residents and businesses. Many front-door transactions-certificate issuance, real-estate filings, complaints portals and ministerial emails-have resumed or are being triaged, but back-office workflows and inter-agency exchanges may lag. Agencies advise using alternative channels (in-person counters, call centers) where available, and retaining paper receipts/confirmation screenshots for tasks completed during the outage. For firms that rely on API access to public registries and identity checks, expect rate-limits and batch delays during the migration period. With APEC Leaders' Week due in late October, the government says hardening measures and temporary workarounds will be in place to protect critical processes.
Accountability and next steps. President Lee Jae-myung publicly questioned the lack of functioning backups, calling the incident "foreseeable," and ordered a probe into battery maintenance and disaster-recovery practices at state facilities. Parliament is also seeking answers on why UPS battery rooms were positioned close enough to production racks to allow heat spread, and whether previous replacement advisories for aging cells were acted on promptly. Early reporting notes at least one replacement recommendation had been issued prior to the incident.
Bottom line: South Korea has contained the fire but now faces a complex rebuild under elevated cyber-risk conditions. With the alert at "Caution", officials are racing to restore integrity, migrate surviving workloads and re-create lost datasets where possible. Users should expect uneven service through the Chuseok holiday window and monitor agency notices for deadline adjustments and data re-entry guidance.