Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Arrested For Hacking Personal Data of 8.7 Million Phone Users

Posted by samzenpus on from the all-your-info-are-belong-to-us dept.

An anonymous reader writes "South Korea's second largest wireless service provider has apologized after personal data of 8.7 millions of its mobile phone subscribers was stolen by hackers. The details are suspected to have been sold to marketing firms, netting the hackers close to $1 million. From the article: 'South Korean police have arrested two men who allegedly stole the personal information of about 8.7 million cellphone customers from KT Corp., the second biggest mobile carrier in South Korea. The company alerted police on July 13 after detecting traces of hacking attacks. The data was collected for the last five months, starting in February 2012.'"

9 of 43 comments (clear)

  1. And what happens to the marketing firms? by popo · · Score: 4, Interesting

    I don't know anything about Korean law, but aren't they liable as well if they purchase goods that are stolen, or have a reasonable likelihood of being stolen?

    --
    ------ The best brain training is now totally free : )
    1. Re:And what happens to the marketing firms? by Anonymous Coward · · Score: 2, Funny

      They start marketing security tools would be my bet...

    2. Re:And what happens to the marketing firms? by seven+of+five · · Score: 3, Insightful

      Since the phone numbers have proven to be illegal and illegitimate, the marketing co's will do the right thing and not use them, right? Right?

    3. Re:And what happens to the marketing firms? by wvmarle · · Score: 2

      I have no idea whether such laws apply to, as I would rather call it, inappropriately aquired data. After all, theft, stolen goods and handling stolen goods normally refer to physical goods. This is data we are talking about: the victims have not physically lost anything. They had data copied from their devices - which as I understand is illegal in Korea - but the device itself was not stolen.

      It's an interesting point anyway; anyone has any idea how this works in other jurisdictions? Any real-world examples?

    4. Re:And what happens to the marketing firms? by FireFury03 · · Score: 2

      I don't know anything about Korean law, but aren't they liable as well if they purchase goods that are stolen, or have a reasonable likelihood of being stolen?

      My experience here in the UK is:

      I used a popular car insurance comparison website when I was shopping around for cheaper car insurance. On this website I had to enter various personal details such as name, address, date of birth, claim history, etc. Soon afterwards I started receiving cold-calls in connection with the accidents in my claim history. These calls usually started by claiming to be from "the insurance company" and implying they were my insurer, without actually providing the name of the insurer. Initially I wondered if "the insurance company" might actually be the other party's insurer rather than mine (so I was very wary), but when pressed for more detail they put up various BS claims about how they couldn't give me the information I asked for because of the data protection act - I do know my rights under the DPA and I pushed further and eventually it turned out they were actually personal injury lawyers. They wanted me to make a personal injury claim, and still encouraged me to make a claim even after I pointed out that no one was injured, and in fact no one was even in the car when the accident happened (it was parked, someone drove into it).

      Some time later, I started getting calls from other companies (this time in connection with PPI, which isn't even targetted advertising any more since I've never had PPI). They insisted that they didn't need to screen calls against the telephone preference service because I had "agreed" to receive them (the ICO has confirmed that this is not true - they still need to screen against TPS). Eventually, after a lot of correspondance with these cold-calling companies (who were surprisingly cooperative), I discovered that some of the information had come from a marketing company that I had never heard of, but this company had very clearly acquired my details from the insurance comparison site (they even ran their oen insurance comparison site, although this wasn't the one I used).

      Unfortunately, things pretty much stop here - the company that has been selling my details claims that they phoned me and I verbally agreed to receive promotional material from "partner companies". I can neither confirm nor deny whether they phoned me, but I am certain I would never have agreed to this. Unfortunately they have so far declined to provide any evidence to support their position, I have no evidence to support mine, so it's my word against theirs. As far as I can tell, they have taken my details and illegally sold them to a bunch of people, who have then sold them to a bunch of people, etc. The people they sold them to believe that the details the bought were authorised by me, the people further down the chain have even less reason to believe that the information is being distributed illegally.

      In short:
      1. Although the company responsible for illegally selling off my details could probably notify everyone they've sent the data to, they have no inclination to do so.
      2. The data has been bought and sold so many times that there's no way to remove it from everyone's possession - it will continue to be bought and sold and there's nothing I can do to bring it back under my control.
      3. The ICO seems disinclined to help, probably because they already know there's no way to stop the dissemination of this data now it has spread so far and wide.

      The situation in SK would likely be similar - the original marketing companies may well have bought the datsa in good faith, and have now sold it to a bunch of other companies, who have sold it to more companies, etc. There's no way to retract this information now - its been spread too far and wide and the people lower down the chain won't have any idea WTF it came from originally.

      The only solution to these kinds of problem that I can see is to outlaw the transfer of personal data between companies wit

      --
      http://blog.nexusuk.org
  2. Over 5 months in Korea? by Teun · · Score: 2

    I thought Korea had the fastest internet, couldn't they have done this in just a few minutes?

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  3. Re:Wtf? by will_die · · Score: 5, Funny

    Yea but this is slashdot so it is not stealing it is piracy and the "victims" have not lost anything. The copiers have not done anything wrong by taking these bits and distributing it how the "owners" did not originally agree to.

    After all if the owners had made the product available in a format and manner the would be buyers had wanted it they would not had to resort to this method to get the info.

  4. Nigerian hackers by schizz69 · · Score: 2

    Now spamming you in badly written Korean.

  5. Re:Big deal by DJRumpy · · Score: 2

    Yes. I'm still wondering why Murdoch and his FOX ties to hacking haven't resulted in an arrest. Why are CEO's immune while 'regular' people are not?