Two disks with personal information on virtually all adults in South Korea were found on top of a garbage pile in Seoul. It was pretty obvious that the disks did not use data protection solutions like file encryption from AlertBoot: the person who picked up the disks popped them into his computer and found he had access to 76 Excel files with the names, addresses, and resident registration numbers of over 11 million people—including his own.
While originally reported as two CDs, according to a police spokesperson, one of them was actually a DVD disk with a storage capacity of 3.1 GB, and carried the 76 Excel files. The other disk, a CD, had smaller sample lists in three or four Excel files. The folder (directory) holding these files was labeled “GS Caltex Customer List.”
According to a GS Caltex executive, the contents of the disks were mostly consistent with customer information in the company’s database that keeps track of customer loyalty programs. Supposedly, only 12 employees are authorized to access the database. A GS Caltex VP has been trying to downplay the incident, saying that most of the information is already available from public sources, with only the resident registration numbers being of a sensitive nature.
Problem is, the resident registration numbers are used for pretty much everything in South Korea. They’re the equivalent of the US’s Social Security number—and more. They’re also used for the Korean equivalent of Medicaid and Medicare, and pretty much anywhere a government list of people needs to be made. Unlike SSNs, which technically are not supposed to be used as permanent IDs, these are. Hence, companies also use them to create lists. Plus, these numbers are not random. The registration numbers show birthdates, gender, and place of birth, at least. Needless to say, finding out someone’s registration number makes it very easy to carry out fraud.
So, why was this information not protected? I mean, 11 million records, all of them unique, on two disks from a database that can be accessed by only 12 people. It only makes sense to use encryption to secure such information, right? The chance of it being mislaid and ending up somewhere it’s not supposed to be—say, like on a pile of trash—is too big. Well, all signs point towards an inside job, so my guess is that the information was not encrypted because criminals are not interested in protecting sensitive information. What the hell do they care, right? They probably got rid of their own information...
Related Articles:
http://www.koreatimes.co.kr/www/news/nation/2008/09/123_30635.html
http://english.donga.com/srv/service.php3?bicode=040000&biid=2008090631088