Personal Information Protection Commission Imposes KRW 914.8 Million in Fines and Penalties on Government Employees Pension Service and Gangbuk District Office
Unauthorized System Access by Outsiders: Personal Information Illegally Viewed and Downloaded
KRW 532 Million Fine for Government Employees Pension Service, KRW 380 Million for Gangbuk District Office
The Personal Information Protection Commission announced on March 26 that it has decided to impose a total of KRW 914.8 million in administrative fines and penalties on two public institutions—Government Employees Pension Service and Gangbuk District Office in Seoul—for violating the Personal Information Protection Act.
As a result, the Government Employees Pension Service will face an administrative fine of KRW 532.2 million, along with a disciplinary recommendation, public disclosure, and an order to publicize the violation. Gangbuk District Office will be subject to an administrative fine of KRW 378 million, a penalty of KRW 4.8 million, a correction recommendation, public disclosure, and an order to publicize the violation.
Personal Information Protection Commission Logo. Personal Information Protection Commission
View original imageBetween April 2022 and October 2023, external parties accessed the pension work support system (currently the Intelligent Pension Welfare System) of the Government Employees Pension Service and viewed the personal information of 1,036 government employees, including personnel records, income, and contribution payment details, without authorization. This pension work support system is used for managing government employees’ pension enrollment, calculating pension amounts, and reviewing retirement benefits. Pension officers are able to view resident registration numbers, income data, addresses, and other personal information of government employees within their jurisdiction.
The investigation found that, despite suspicious circumstances such as missing applicant signatures, absent institution head seals, and forged seals on application forms, the Government Employees Pension Service approved all five access rights applications without properly verifying the authenticity of the documents. In addition, the organization did not immediately revoke system access rights for pension officers who lost their authority due to transfers or work changes. It also failed to properly store and manage system access logs, and neglected to review access records for pension officers at each institution.
In the case of Gangbuk District Office, a hacker accessed the administrator page of the video information provision system operated by the district in March 2024 and downloaded the personal information of 973 public officials, including police officers, such as names, authentication information (ID and password), and affiliations.
The investigation revealed that Gangbuk District Office did not restrict access to the personal information processing system by IP address or other means. Even when connecting to the system via the internet (external network), it did not implement secure connection or authentication methods, allowing the hacker to gain illegal access. Furthermore, the district used an insecure encryption algorithm for passwords, failed to retain and manage handler access logs for at least one year, and omitted certain items from the breach notification.
Hot Picks Today
!["Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①](https://cwcontent.asiae.co.kr/asiaresize/93/2026051914165468840_1779167814.png)
"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①
- "No Cure Available, Spread Accelerates... Already 105 Dead, American Infected"
- Foreign Investors Sell 6 Trillion Won Net... KOSPI Closes Below 7,200
- Instead of a National Assembly Profile, Now a 'Carpenter'... Ryu Hojung Says "I Couldn't Do a Body Profile Shoot Twice"
- "How Did an Employee Who Loved Samsung End Up Like This?"... Past Video of Samsung Electronics Union Chairman Resurfaces
An official from the Personal Information Protection Commission stated, "The data breaches at these two institutions resulted from neglecting basic safety measures required by the Protection Act. Public institutions must pay special attention to fulfilling their safety obligations for personal information processing systems." The official added, "In light of this incident, the Commission will continue to guide and verify compliance with safety measures among local governments."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
