Hanatour suffered a 2017 personal-data breach after an unidentified attacker compromised a NetClient server, distributed malware to work PCs and servers, gathered internal information, and used plaintext contractor credentials to access the security network through Rview without additional authentication. Investigators found that unencrypted Hi-TAM database credentials stored on an internal PC enabled remote access to operational and development databases and exposure of personal data for 494,669 people, while separate reporting linked malware and infrastructure similarities to suspected North Korean Operation GoldenAxe activity.