Slashdot Mirror

← Back to Stories (view on slashdot.org)

20 Million People Exposed In Massive South Korea Data Leak

Posted by timothy on from the at-least-everyone's-using-msie dept.

wiredmikey writes "While the recent data breach that hit Target has dominated headlines lately, another massive data breach was disclosed this week that affected at least 20 million people in South Korea. According to regulators, the personal data including names, social security numbers, phone numbers, credit card numbers and expiration dates of at least 20 million bank and credit card users was taken by a temporary consultant working at the Korea Credit Bureau (KCB). The consultant later sold the data to phone marketing companies, but has since been arrested along with mangers at the companies he sold the stolen data to. A similar insider-attack occurred at Vodafone late last year when a contractor made off with the personal data of two million customers from a server located in Germany. According to a study from PwC, organizations have made little progress developing defenses against both internal and external attackers, and insiders pose just as great a security risk to organizations as outside attackers."

4 of 53 comments (clear)

  1. So how do you defend against this? by Anonymous Coward · · Score: 2, Insightful

    The data at some stage will be unencrypted or there will be some developer or admin who knows how to unencrypt it.

    It doesn't matter if you pay your staff well - people can still be blackmailed / need money to pay of debts.

    1. Re:So how do you defend against this? by ShanghaiBill · · Score: 5, Insightful

      We need to get rid of the idiotic idea that quasi-public information like SSNs and CC numbers are "secret". Nobody should be able to impersonate you by knowing your SSN, anymore than they can by knowing your name. Likewise, we should get rid of mag-stripe CCs, and switch to a more secure system like much of the rest of the world already has. These data breaches are just a symptom of a deeper problem: No sane system should require that the same information be both secret and widely known.

  2. No surprise by Mashiki · · Score: 4, Insightful

    After all S.Korea uses an activeX plugin for all their security needs...massive single point of failure and all that.

    --
    Om, nomnomnom...
  3. Re:Eventually by rubycodez · · Score: 3, Insightful

    nonsense, this is result of very poor security and no obscurity, using credit card number or ss # is silliness. Transactions with private keys and verification are the way to do things, this is a solved problem that the governments and credit card companies are not using.