Seosam Seok: "Chuksaro" Hacked by Rural Development Administration... Only 5% Password Change Rate

Published 29 Apr.2025 10:30(KST)

Updated 26 Jul.2025 22:47(KST)

open/close

Notification of Personal Information Leak Sent After 11 Days
"Farmers Must Be Notified Directly by Phone"

Seosam Seok, Member of the National Assembly.

Following a hacking incident on the 'Chuksaro' website managed by the Rural Development Administration, which resulted in the leakage of subscriber personal information, concerns have been raised about insufficient measures to prevent secondary damage.

Chuksaro is a livestock management system established under the Livestock Act to help farms easily produce high-quality and safe livestock products. It was introduced in 2013 and has since been operated by the National Institute of Animal Science under the Rural Development Administration.

In 2020, the National Institute of Animal Science commissioned Company A to upgrade the functionalities of 'Chuksaro.' After the contract ended, Company A failed to delete member data and continued to store it. When the storage device was hacked, the personal information leak was first identified on April 10. As a result, information from 3,132 accounts, representing 37% of the total 8,381 accounts, was leaked.

According to an analysis by Seosam Seok, a member of the Democratic Party of Korea representing Yeongam, Muan, and Shinan in South Jeolla Province, based on materials submitted by the Rural Development Administration, as of April 25, only 166 accounts, or 5.3% of the 3,132 compromised accounts, had changed their passwords.

The low password change rate has been attributed to the inadequate response by the Rural Development Administration. After the breach, the agency only posted a notice on the website disclosing the hacking incident and advising users to change their passwords. It was not until 11 days later that the agency directly notified affected farm members via text message. This contrasts with recent cases in the private sector, where companies sent text notifications within four days of detecting a cyber incident.

Furthermore, the Rural Development Administration did not require members to change their passwords upon login until April 21, after Seosam Seok requested related data. However, users who did not access the website did not see the notice, leaving 94% of compromised accounts still exposed to cyber threats.

Seosam Seok stated, "Most farmers are elderly and have limited access to the web, yet the government agency's response to cyberattacks has been limited to website and text notifications." He emphasized, "To protect farmers' personal information from cyber threats, those who have not changed their passwords must be promptly notified by phone."