National Tax Service Individually Notifies Victims... Forms Personal Information Protection Verification TF to Inspect Actual Conditions and Prepare Recurrence Prevention Measures
[Asia Economy Sejong=Reporter Kwon Haeyoung] It has been revealed that the personal information of 821 individuals was fully leaked due to a security vulnerability in the National Tax Service (NTS) Hometax Year-end Tax Settlement Simplification Service.
The NTS announced the investigation results of the security vulnerability exposure incident in the Hometax Year-end Tax Settlement Simplification Service on the 27th.
The Year-end Tax Settlement Simplification Service was launched at 6 a.m. on the 15th with an error occurring during the simple authentication process using private certificates. The simplification service can be accessed by logging in with a joint certificate or a private certificate, but this year, while applying two additional types besides the existing private certificates, a defect occurred in the program connecting to the certification authority. As a result, even if authentication was done with B’s certificate after entering A’s name and resident registration number, the login was completed due to an error. This meant that if someone knew another person’s name and resident registration number, they could log in and view all year-end tax settlement data such as family relations, medical expenses, and card usage amounts.
The NTS recognized the error three days later on the 18th and blocked private certificate logins for about three hours from 8 p.m. that day to fix the issue, but it was impossible to prevent personal information leakage during those three days.
The NTS investigation found 821 cases where the user’s personal information and the information at authentication were different. This means that 821 people suffered personal information leakage damage. The NTS decided to individually notify the 821 people whose data was accessed by others within five days through written letters, emails, or phone calls in accordance with the Personal Information Protection Act and the Standard Personal Information Protection Guidelines. The individual notifications will include an apology letter, details of the data accessed by others, the timing of the personal information exposure, future countermeasures, and procedures for damage relief.
The NTS plans to form a Personal Information Protection Verification Task Force (TF) involving external experts to inspect the overall personal information protection and management status of the entire IT system, including this incident, and prepare measures to prevent recurrence.
An NTS official said, "We sincerely apologize for the occurrence of this incident," and added, "We deeply recognize the seriousness of the matter and will make every effort to ensure that such incidents do not recur."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![User Who Sold Erroneously Deposited Bitcoins to Repay Debt and Fund Entertainment... What Did the Supreme Court Decide in 2021? [Legal Issue Check]](https://cwcontent.asiae.co.kr/asiaresize/183/2026020910431234020_1770601391.png)
