Personal Information Commission Fines National Aviation Museum of Korea 98 Million Won for Data Breach
Personal Information of 10,000 Members Leaked in Hacking Incident
Over 20 People Shared Three Administrator Accounts
The Personal Information Protection Commission announced on December 11 that, during its 26th plenary meeting held on December 10, it decided to impose a fine of 98 million won on the National Aviation Museum of Korea and to publicly disclose the results of the sanction. The details of the disclosure will be available on the commission's website for the next year.
According to the commission's investigation, a hacker gained access to an administrator account of the museum through an unidentified method and infiltrated the administrator page. As a result, the personal information of a total of 11,029 members-including names, user IDs, gender, date of birth, address, and contact information-was leaked externally. Some of the leaked information was found to have been actually used in smishing text messages designed to induce the installation of malicious applications.
The commission also pointed out the laxity of the management system as a problem. The National Aviation Museum of Korea had allowed more than 20 people, including internal staff and personnel from a subcontracted company, to share three administrator accounts. The administrator page was accessible from outside the organization, and no access control measures, such as restricting access to specific IP addresses, were implemented.
Hot Picks Today
"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
- "Another Attack at a Popular Japanese Restaurant"...Three Injured in Shanghai Stabbing Rampage
- "Who Is Visiting Japan These Days?" The Once-Crowded Tourist Spots Empty Out... What's Happening?
- "Am I Really in the Top 30%?" and "Worried About My Girlfriend in the Bottom 70%"... Buzz Over High Oil Price Relief Fund
- "It Has Now Crossed Borders": No Vaccine or Treatment as Bundibugyo Ebola Variant Spreads [Reading Science]
In addition, administrator authentication required only the input of an ID and password, making the system vulnerable, and basic procedures such as regularly checking access logs were not carried out.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
