Kwon Hyangyeop: "Ministry Unaware of Website 'Hacking' for 42 Days"

by Heo Seonsik

Published 22 Sep.2025 11:08(KST)

Ministry Became Aware After Notification from NCSC of Possible Data Leak
"Law Needs Amendment to Prevent Secondary Damage"

Assemblywoman Hyangyeop Kwon of the Democratic Party of Korea (representing Suncheon, Gwangyang, Gokseong, and Gurye in South Jeolla Province) announced on September 22 that the Ministry of Trade, Industry and Energy became aware of the hacking of its contest website only after 42 days had passed.

So far, only one case of personal information leakage has been confirmed. However, the Personal Information Protection Commission responded that "the scale of the leak may change depending on the final results of the investigation." The number of users of the website this year was 116,330, and the number of contest applicants was 282.

Hyangyeop Kwon, member of the Democratic Party of Korea.

The Ministry of Trade, Industry and Energy holds the "Public Data Utilization Idea Contest" every year. This year, the contest application period was from April 14 to July 14. The victim of the personal information leak submitted a project proposal to the contest site at 9:10 p.m. on April 14. The next day, at 2:12 p.m., their name, affiliation, mobile phone number, email address, and the file name of the contest proposal were leaked.

The ministry only became aware of this fact after 42 days had passed. At 4:20 p.m. on May 27, the National Cyber Security Center (NCSC) contacted the ministry, reporting that it had detected signs of external hacking on the contest website server. The ministry then urgently blocked access to the website. The company entrusted with managing the contest website subsequently reported the incident to the Korea Internet & Security Agency (KISA).

The confirmation of the personal information leak occurred at approximately 10:20 a.m. on May 29. The ministry identified the scale of the leak as one case and, at 3:25 p.m. on May 30, sent an email to the affected individual (the data subject) to inform them of the leak. On the same day, the ministry also reported the personal information leak to the Personal Information Protection Commission.

Assemblywoman Kwon stated, "Even though the server was hacked and personal information was leaked, the ministry was unaware for 42 days," emphasizing, "As large-scale hacking incidents continue to occur, it is urgent to strengthen security measures across all websites operated by the government and public institutions."

She further added, "The current Personal Information Protection Act only requires notification to the data subject whose information was leaked, so even after six months, other users remain unaware of the potential risk. Since investigating personal information leaks can take considerable time, the law should be amended to notify all website users of potential risks and to prevent secondary damage."

Kwon Hyangyeop: "Ministry Unaware of Website 'Hacking' for 42 Days"

Ministry Became Aware After Notification from NCSC of Possible Data Leak "Law Needs Amendment to Prevent Secondary Damage"

Ministry Became Aware After Notification from NCSC of Possible Data Leak
"Law Needs Amendment to Prevent Secondary Damage"